1.0.157.168 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity
1.0.192.0 21 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None TH TO-S-2020-0315 Malicious Web Application Activity
1.0.224.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
1.1.1.1 24 BMP None 2021-01-15 00:00:00 2021-04-15 00:00:00 None CSCOacs_Failed_Attempts - 6hr Failed Logons (IP=1,AU)
1.1.189.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None TH TO-S-2020-0315 Malicious Web Application Activity
1.1.203.193 24 BMP None 2021-06-08 00:00:00 2021-09-06 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=193,TH)
1.1.223.95 32 BMP None 2021-01-26 00:00:00 2021-04-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=95,US)
1.10.136.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
1.10.222.213 24 RW None 2021-05-01 00:00:00 2021-08-01 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed logons (IP=213,TH)
1.10.238.245 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
1.116.131.247 24 RR None 2021-06-13 00:00:00 2021-09-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=247,CN)
1.116.133.76 24 CR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 hr web attack (IP=76,CN)
1.116.148.117 24 KH None 2021-09-12 00:00:00 2021-12-11 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=117,CN)
1.116.202.20 24 AR None 2021-07-18 00:00:00 2021-10-16 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 Hr Web Attack (IP=20,CN)
1.116.205.196 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=196,CN)
1.116.223.165 24 RW None 2021-04-29 00:00:00 2021-07-29 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web attacks (IP=165,CN)
1.117.76.180 24 RW None 2021-07-23 00:00:00 2021-10-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=180,CN)
1.117.83.150 24 BMP None 2021-06-04 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=150,CN) | updated by KD Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=150,CN)
1.117.93.44 24 SW None 2021-09-06 00:00:00 2021-12-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - WebAttacks (IP=44, CN)
1.13.14.6 24 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=6,CN)
1.136.107.124 24 WR None 2021-05-26 00:00:00 2021-08-24 00:00:00 None SQL injection) - 6 hr web attacks
1.136.111.165 24 PS None 2021-05-27 00:00:00 2021-08-25 00:00:00 None SERVER-WEBAPP JBoss admin-console access - SourceFire (1:21517:6) (IP=165,AU)
1.14.193.122 24 RW None 2021-08-02 00:00:00 2021-10-31 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=122,CN)
1.15.113.36 24 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=36,CN)
1.15.157.107 24 RB None 2021-05-07 00:00:00 2021-08-05 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attack (IP=107,CN)
1.15.165.28 24 GLM None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=28,CN)
1.15.174.165 24 RB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=165,CN)
1.15.175.155 24 BMP None 2021-05-25 00:00:00 2021-08-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=155,CN)
1.15.177.56 24 RR None 2021-04-01 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=56,CN) | updated by BMP Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=56,CN)
1.15.230.87 24 RT None 2021-07-10 00:00:00 2021-10-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6HR Web Attacks (IP=87,CN)
1.15.24.138 24 UA None 2021-08-09 00:00:00 2021-11-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=138,CN)
1.15.251.206 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=206,CN)
1.15.54.65 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=65,CN)
1.164.146.198 24 RW None 2021-02-01 00:00:00 2021-05-01 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=198,TW)
1.164.242.163 24 BMP None 2021-01-25 00:00:00 2021-04-25 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=163,TW)
1.165.7.62 24 RB None 2021-04-26 00:00:00 2021-07-25 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=62,TW)
1.176.65.5 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KR TO-S-2020-0298 Malicious Email Activity
1.179.167.218 24 RR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=218,TH)
1.179.174.0 24 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None TH TO-S-2021-1007 Malware Activity
1.186.253.14 24 BMP None 2020-12-22 00:00:00 2021-03-22 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=14,IN)
1.2.221.126 24 AR None 2021-07-08 00:00:00 2021-10-06 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 hr Failed Logons (IP=126,TH)
1.2.240.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malware Activity
1.20.161.120 24 RR None 2021-01-19 00:00:00 2021-04-19 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=120,TH)
1.20.192.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None TH TO-S-2021-0876 Hive Case 4166 Malware Activity
1.20.88.0 24 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None TH TO-S-2020-0838 Malware Activity
1.200.240.0 21 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,TW)
1.202.47.138 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=138,CN)
1.202.9.172 24 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3)- Source Fire (IP=172,CN)
1.202.99.78 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - Sourcefire (IP=78,CN)
1.214.40.18 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malicious Web Application Activity
1.22.197.123 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - Web Attacks (IP=123,IN)
1.22.229.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity
1.224.51.22 24 BMP None 2021-02-06 00:00:00 2021-05-06 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=22,KR)
1.232.65.116 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KR TO-S-2020-0303 Malicious Email Activity
1.236.152.160 24 RB None 2021-03-09 00:00:00 2021-06-07 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - Sourcefire (IP=160,KR)
1.243.200.130 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3630 CTO-20-231 (IP=130,KR) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=130,KR)
1.246.222.63 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malicious Email Activity
1.32.219.132 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SG Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
1.33.193.220 24 RW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=220,JP)
1.34.122.44 24 RR None 2020-11-24 00:00:00 2021-02-22 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=44,TW)
1.36.124.230 24 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Source Fire (IP=230,HK)
1.39.78.100 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=100,IN)
1.39.78.100 24 BMP None 2021-06-10 00:00:00 2021-09-08 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=100,IN)
1.4.128.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,TH)
1.4.171.10 24 RR None 2021-02-03 00:00:00 2021-05-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=10,TH)
1.43.153.65 24 RW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=65,AU)
1.52.120.187 24 RW None 2021-08-17 00:00:00 2021-11-15 00:00:00 None SERVER-WEBAPP VMware View Planner logupload arbitrary file upload attempt - Web Attacks (IP=187,VN)
1.52.168.105 24 RR None 2021-09-07 00:00:00 2021-12-06 00:00:00 None SQL injection - Web Attacks (IP=105,VN)
1.52.192.170 24 RB None 2021-05-10 00:00:00 2021-08-08 00:00:00 None SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt - 6hr web attacks (IP=170,VN)
1.52.204.146 24 AR None 2021-07-11 00:00:00 2021-10-09 00:00:00 None SERVER-WEBAPP Facade Ignition remote code execution attempt (1:57872:1) - SourceFire (IP=146,VN)
1.53.11.32 24 KH None 2021-07-16 00:00:00 2021-10-14 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=32,VN)
1.53.151.212 24 AR None 2021-05-21 00:00:00 2021-08-20 00:00:00 None POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:1) - SourceFire Report (IP=212,VN) | updated by RR Block expiration extended with reason POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt - SourceFir
1.53.151.212 24 RR None 2021-05-22 00:00:00 2021-08-20 00:00:00 None POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:1) - SourceFire Report (IP=212,VN) | updated by RR Block expiration extended with reason POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt - SourceFir
1.53.206.84 24 SW None 2021-07-22 00:00:00 2021-10-20 00:00:00 None SERVER-APACHE Apache Tomcat remote JSP file upload attempt (1:44531:3) - SourceFire (IP=84, VN)
1.53.218.195 24 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None HTTP: SugarCRM REST Unserialize PHP Code Execution - Web Attacks (IP=195,VN)
1.53.27.189 24 SW None 2021-09-02 00:00:00 2021-12-01 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=189,VN)
1.53.3.3 24 AR None 2021-07-10 00:00:00 2021-10-08 00:00:00 None SERVER-WEBAPP Facade Ignition remote code execution attempt - 6 Hr Web Attack (IP=3,VN)
1.55.254.245 24 KD None 2021-06-03 00:00:00 2021-09-03 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=245,VN)
1.6.112.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malware Activity
1.6.112.157 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Reconnaissance Activity
1.6.135.164 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firep0wer Suspicious Scan Activity (IP=164,IN)
1.7.140.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity
1.81.197.81 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt -
1.84.0.93 24 GM None 2020-12-19 00:00:00 2021-03-19 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=93,CN)
1.84.1.34 24 GM None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=34,CN)
1.84.7.137 24 GM None 2020-12-27 00:00:00 2021-03-27 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=137,CN)
100.0.176.235 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=235,US)
100.14.64.143 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=143,US)
100.24.12.143 32 RW None 2021-07-08 00:00:00 2021-10-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=143,US)
100.24.56.206 32 RT None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=206,US)
100.26.183.155 32 KD None 2021-06-14 00:00:00 2021-09-13 00:00:00 None SERVER-OTHER limitedRSAciphersuitelist-possible Bleichenbacher SSL attack attempt(1:45200:2) - Source fire (IP=155,US)
100.26.189.65 32 KH None 2021-06-30 00:00:00 2021-09-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=65,US)
100.26.218.50 32 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=,US)
100.26.23.185 32 ZH None 2021-07-03 00:00:00 2021-10-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=185,US)
100.26.239.186 32 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=186,US)
100.26.45.10 32 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=10,US)
100.26.48.80 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=80,US)
100.36.83.123 32 RW None 2021-07-23 00:00:00 2021-10-21 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=123,US)
100.42.77.104 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
101.0.102.242 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None AU TO-S-2020-0535 Malicious Email Activity
101.0.108.18 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AU Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
101.0.112.233 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AU TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
101.0.119.44 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=44,AU)
101.0.32.92 24 GM None 2020-10-14 00:00:00 2021-01-14 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=92,IN)
101.0.34.12 24 GM None 2020-12-27 00:00:00 2021-03-27 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=12,IN)
101.0.34.202 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=202,IN)
101.0.41.127 24 KH None 2021-07-22 00:00:00 2021-10-20 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=127,CN)
101.0.41.182 24 GM None 2021-01-30 00:00:00 2021-04-30 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=182,IN)
101.0.49.220 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=220,IN)
101.0.49.70 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=70,IN)
101.0.50.70 32 wmp None 2021-05-10 00:00:00 2021-08-10 00:00:00 None Palo Alto Suspicious Scan Activity (IP=70,IN)
101.0.54.15 32 srm None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Firepower Suspicious Scan Activity (IP=15,IN)
101.0.54.71 32 wmp None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Palo Alto Suspicious Scan Activity (IP=71,IN)
101.108.0.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TH TO-S-2020-0298 Malicious Email Activity
101.108.128.90 32 wmp None 2021-05-05 00:00:00 2021-08-05 00:00:00 None Palo Alto Suspicious Scan Activity (IP=90,TH)
101.108.140.161 24 GM None 2020-12-27 00:00:00 2021-03-27 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=161,TH)
101.108.160.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
101.108.162.137 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TH TO-S-2020-0303 Malicious Email Activity
101.108.46.181 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
101.108.48.46 24 RR None 2021-06-14 00:00:00 2021-09-12 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=46,TH)
101.108.64.0 19 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TH Hive Case 4237 TO-S-2021-0910 Malware Activity
101.108.96.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malware Activity
101.109.121.61 24 EE None 2021-01-20 00:00:00 2021-04-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=61,TH) | updated by RB Block expiration extended with reason INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=61,TH)
101.109.128.0 19 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
101.109.177.238 32 RR None 2020-10-19 00:00:00 2021-01-17 00:00:00 None vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00155 (IP=238,TH)
101.109.213.82 24 DT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=82,TH) | updated by DT Block was inactive. Reactivated on 20210701 with reason INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=82,TH)
101.109.22.107 24 BMP None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=107,TH)
101.109.29.86 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TH TO-S-2020-0303 Malicious Email Activity
101.109.32.186 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity
101.109.80.35 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None TH TO-S-2020-0535 Malware Activity
101.109.83.245 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=245,TH)
101.127.231.242 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
101.128.64.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
101.128.67.72 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=72,ID)
101.128.72.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity
101.128.77.7 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=7,ID)
101.132.109.138 24 ZH None 2021-07-24 00:00:00 2021-10-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Rpt (IP=138,CN)
101.132.124.25 24 KH None 2021-07-22 00:00:00 2021-10-20 00:00:00 None HP Universal CMDB Server Axis2 Default Credentials Remote Code Execution - FE IPS (IP=25,CN)
101.132.134.150 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=150,CN)
101.132.142.126 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=126,CN)
101.132.148.250 24 AR None 2021-08-22 00:00:00 2021-11-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=250,CN)
101.132.155.177 24 KD None 2021-06-15 00:00:00 2021-09-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Source fire (IP=177,CN)
101.132.157.120 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=120,CN)
101.132.187.31 24 RT None 2021-09-14 00:00:00 2021-12-13 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6HR WebAttack (IP=31,CN)
101.132.26.161 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=161,CN)
101.132.72.126 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=126,CN)
101.133.138.180 24 BMP None 2021-09-15 00:00:00 2021-12-14 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - WebAttacks (IP=180,CN)
101.133.150.69 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=69,CN)
101.133.166.173 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=173,CN)
101.133.171.183 24 RR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=183,CN)
101.133.172.73 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=73,CN)
101.133.213.56 32 wmp None 2021-02-17 00:00:00 2021-05-17 00:00:00 None Firepower Suspicious Scan Activity (IP=56,CN)
101.133.229.36 24 RW None 2021-04-18 00:00:00 2021-07-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web attacks (IP=36,CN)
101.16.183.179 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=179,CN)
101.16.98.170 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=170,CN)
101.198.176.62 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=62,CN)
101.200.191.22 24 RT None 2021-07-14 00:00:00 2021-10-12 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - Sourcefire Report (IP=22,CN)
101.200.226.138 24 GLM None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=138,CN)
101.200.59.41 24 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=41,CN)
101.200.72.191 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=191,CN)
101.201.232.235 24 BMP None 2021-03-27 00:00:00 2021-08-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=235,CN) | updated by RR Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=235,CN)
101.201.30.129 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=129,CN)
101.201.48.57 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=57,CN)
101.201.56.187 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Sourcefire (IP=187,CN)
101.224.55.108 24 BMP None 2021-01-19 00:00:00 2021-04-19 00:00:00 None Attempted Generic PHP Webshell Drop - FireEye CMS (IP=108,CN)
101.228.102.233 24 RR None 2020-10-22 00:00:00 2021-01-20 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=233,CN)
101.23.203.64 24 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=64,CN)
101.230.223.206 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=206,CN)
101.231.2.250 24 RR None 2021-02-27 00:00:00 2021-06-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=250,CN) | updated by RB Block expiration extended with reason SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - 6hr web attack
101.255.122.146 24 RB None 2021-05-23 00:00:00 2021-08-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=146,ID)
101.28.105.132 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=132,CN)
101.28.93.184 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=184,CN)
101.32.11.226 24 BMP None 2021-08-07 00:00:00 2021-11-05 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=226,HK)
101.32.15.107 24 UA None 2021-08-09 00:00:00 2021-11-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=107,HK)
101.32.190.157 24 EE None 2021-04-03 00:00:00 2021-08-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=157,HK) | updated by RW Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - web attacks (IP=157,HK) | updated by RR Block expiration ext
101.32.203.37 24 RW None 2020-11-12 00:00:00 2021-02-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=37,CN)
101.32.205.58 24 DT None 2021-07-22 00:00:00 2021-10-20 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=58,HK)
101.32.29.117 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=117,HK)
101.32.40.111 24 RT None 2021-09-20 00:00:00 2021-12-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=111,HK)
101.32.41.130 24 RT None 2021-07-14 00:00:00 2021-10-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=130,HK)
101.32.45.93 24 RT None 2021-07-14 00:00:00 2021-10-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=93,HK)
101.32.82.6 24 RT None 2021-09-19 00:00:00 2021-12-18 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=6,IN)
101.33.118.231 24 BMP None 2020-12-04 00:00:00 2021-03-04 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=231,CN)
101.33.120.87 24 AR None 2021-07-06 00:00:00 2021-10-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=87,HK)
101.33.122.243 24 RR None 2021-01-19 00:00:00 2021-04-19 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=243,HK)
101.33.45.207 24 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=207,SG)
101.33.68.98 24 RT None 2021-07-14 00:00:00 2021-10-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=98,KR)
101.33.75.149 24 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=149,KR)
101.33.76.45 24 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=45,KR)
101.35.115.176 32 RT None 2021-09-25 00:00:00 2021-12-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01949 (IP=176,US)
101.36.109.176 32 wmp None 2021-06-02 00:00:00 2021-09-02 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=176,HK)
101.36.126.11 32 wmp None 2020-10-22 00:00:00 2021-01-20 00:00:00 None HIVE Case #4172 CTO-20-295 (IP=11,CN)
101.36.181.186 24 RB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability 6hr web attacks (IP=186,CN)
101.37.148.111 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=111,CN)
101.37.168.189 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=189,CN)
101.37.76.202 24 GM None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=202,CN)
101.37.83.109 24 RB None 2021-04-13 00:00:00 2021-07-12 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - Sourcefire (IP=109,CN)
101.50.108.35 24 KH None 2021-06-30 00:00:00 2021-09-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=35,PK)
101.50.75.39 24 RR None 2021-04-23 00:00:00 2021-07-23 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - Web Attacks (IP=39,PK)
101.51.144.253 32 BMP None 2020-05-27 00:00:00 2021-01-03 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C02929 (IP=253,TH) | updated by FT Block was inactive. Reactivated on 20201004 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 21C00019
101.51.164.43 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TH TO-S-2020-0303 Malicious Email Activity
101.51.214.231 24 RW None 2021-02-19 00:00:00 2021-05-19 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 hr failed logons (IP=231,TH)
101.51.252.208 24 BMP None 2021-01-14 00:00:00 2021-04-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=208,TH)
101.51.32.0 19 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TH Hive Case 4237 TO-S-2021-0910 Malware Activity
101.53.140.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
101.53.146.80 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=80,IN)
101.53.249.174 24 ZH None 2021-08-29 00:00:00 2021-11-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed logons (IP=174,PK)
101.7.7.160 24 EE None 2021-01-26 00:00:00 2021-04-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=160,CN)
101.71.125.178 24 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=178,CN)
101.75.174.201 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=201,CN)
101.78.250.46 24 RW None 2021-04-23 00:00:00 2021-08-24 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=146,IN) | updated by SW Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan
101.86.134.4 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=4,CN)
101.89.132.114 24 FT None 2021-03-03 00:00:00 2021-06-02 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks (IP=114,CN)
101.89.210.119 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=119,CN)
101.91.116.22 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=22,CN)
101.91.119.172 24 RR None 2020-12-07 00:00:00 2021-03-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=172,CN)
101.95.183.138 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=138,CN)
101.95.187.194 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=194,CN)
101.98.236.7 24 UA None 2021-05-27 00:00:00 2021-08-25 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=7,NZ)
101.99.12.77 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
101.99.15.161 24 RW None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 hr failed logons (IP=161,VN)
101.99.81.45 24 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=45,MY)
102.112.32.132 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
102.119.184.5 24 CR None 2021-04-27 00:00:00 2021-07-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=5,MU)
102.119.185.241 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=241,MS)
102.119.188.10 24 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=10,MU)
102.130.115.0 24 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None ZA TO-S-2020-0228 Malicious Email Activity
102.133.229.187 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
102.133.231.6 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=6,ZA)
102.134.176.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ZA TO-S-2020-0298 Malicious Email Activity
102.141.196.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SO TO-S-2020-0298 Malicious Email Activity
102.141.32.0 19 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None CG TO-S-2020-0838 Malware Activity
102.141.64.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ZA TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
102.152.154.47 32 wmp None 2021-04-23 00:00:00 2021-07-23 00:00:00 None Palo Alto Suspicious Scan Activity (IP=47,TN)
102.157.180.93 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TN TO-S-2020-0331 Malware Activity
102.158.173.176 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
102.164.192.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
102.165.124.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NG TO-S-2020-0331 Malicious Web Application Activity
102.165.30.9 24 FT None 2020-11-06 00:00:00 2021-02-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=9,ZA)
102.176.48.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None GH Hive Case 4237 TO-S-2021-0910 Malware Activity
102.177.104.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
102.181.164.216 24 RR None 2021-06-19 00:00:00 2021-09-17 00:00:00 None SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt - SourceFire (IP=216,SD)
102.182.55.93 32 dbc
None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 102.182.75.121 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 102.184.16.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None EG Hive Case 4237 TO-S-2021-0910 Malware Activity 102.189.128.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,EG) 102.189.36.0 22 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=0,EG) 102.190.160.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,EG) 102.23.224.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 102.26.162.195 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=195,TN) 102.26.2.126 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=126,TN) 102.40.96.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,EG) 102.41.80.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,EG) 102.43.112.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,EG) 102.44.0.0 22 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 102.44.208.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,EG) 102.45.16.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,EG) 102.45.160.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,EG) 102.46.208.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,EG) 102.47.64.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE 
Case #4064 TO-S-2020-0859 (IP=0,EG) 102.64.153.4 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None TG TO-S-2020-0493 Malware Activity 102.66.131.114 24 DT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None SQL injection - Web Attacks (IP=114,ZA) 102.68.76.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None KE Hive Case 4237 TO-S-2021-0910 Malware Activity 102.69.224.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,KE) 102.89.2.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,NG) 103.1.92.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NP Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.10.208.0 22 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,IN) 103.10.29.79 24 GM None 2021-02-14 00:00:00 2021-05-14 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - Web Attacks (IP=79,NP) 103.10.31.72 24 BB None 2021-08-19 00:00:00 2021-11-17 00:00:00 None SQL injection - Web Attacks (IP=72,NP) 103.10.59.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,ID) 103.10.86.198 24 RR None 2020-12-12 00:00:00 2021-03-12 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=198,CN) 103.101.16.142 24 FT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=142,MM) 103.101.229.186 32 wmp None 2021-02-19 00:00:00 2021-05-19 00:00:00 None Firepower Suspicious Scan Activity (IP=186,ID) 103.101.229.189 24 RR None 2021-03-02 00:00:00 2021-05-31 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=189,ID) 103.101.233.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,IN) 103.102.112.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 
TO-S-2020-0859 (IP=0,ID) 103.102.145.34 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepwer Suspicious Scan Activity (IP=34,IN) 103.102.152.158 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=158,ID) 103.102.153.205 24 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=205,ID) 103.103.212.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity 103.103.220.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CN TO-S-2020-0315 Malicious Web Application Activity 103.104.192.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PK Hive Case 4237 TO-S-2021-0910 Malware Activity 103.104.213.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PK Hive Case 4237 TO-S-2021-0910 Malware Activity 103.105.226.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity 103.105.40.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,IN) 103.105.53.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None ID Hive Case 4237 TO-S-2021-0910 Malware Activity 103.105.64.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 103.106.29.148 24 GM None 2020-12-27 00:00:00 2021-03-27 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=148,IN) 103.106.76.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 103.106.82.194 24 RR None 2020-10-28 00:00:00 2021-01-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=194,ID) 103.107.113.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,IN) 103.107.114.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None 
IN TO-S-2021-0876 Hive Case 4166 Malware Activity 103.107.199.10 32 GM None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Unauthorized Access-Probe//UDP: Host Sweep - TT # 21C00389 (IP=10,GS) 103.108.140.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None BD TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 103.108.194.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.108.228.231 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None AU TO-S-2020-0698 Malware Activity 103.108.236.13 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None JP TO-S-2020-0459 Malware Activity 103.108.94.50 24 RB None 2021-01-09 00:00:00 2021-04-09 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - 6hr web attack (IP=50,NZ) 103.109.12.130 24 RW None 2021-02-03 00:00:00 2021-05-03 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - Sourcefire (IP=130,IN) 103.109.160.0 22 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ID TO-S-2021-0876 Hive Case 4166 Malware Activity 103.11.67.137 32 UA None 2021-08-09 00:00:00 2021-11-07 00:00:00 None HTTP SQL Injection Attempt - 6hr Web Attacks (IP=137,US) 103.110.84.0 22 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None VN TO-S-2020-0805 Malicious Email Activity 103.111.108.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malware Activity 103.111.116.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None BD TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 103.111.28.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 103.111.74.26 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None MY TO-S-2021-0876 Hive Case 4166 Malware Activity 103.111.80.0 22 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None ID TO-S-2021-1007 Malware Activity 103.111.83.0 24 dbc None 
2020-09-17 00:00:00 2021-09-17 00:00:00 None ID TO-S-2020-0805 Malware Activity 103.112.252.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 103.112.9.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.113.0.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.113.143.232 24 KH None 2021-09-04 00:00:00 2021-12-03 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=232,IN) 103.113.180.0 23 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None MY TO-S-2020-0303 Malicious Web Application Activity 103.113.2.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.113.228.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Web Application Activity 103.114.208.38 24 RW None 2021-04-09 00:00:00 2021-07-09 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - web attacks (IP=38,IN) 103.115.120.249 24 RW None 2021-01-19 00:00:00 2021-04-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=249,CN) 103.115.144.252 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None HK TO-S-2021-1007 Malware Activity 103.115.24.0 22 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 103.115.26.91 32 dbc None 2020-05-27 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559.01 Malicious Email Activity 103.115.26.91 32 dbc None 2020-05-22 00:00:00 2021-05-22 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity 103.116.16.4 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=4,US) 103.116.27.132 24 GLM None 2021-04-04 00:00:00 2021-08-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=132,IN) | 
updated by RR Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=132,IN) 103.116.58.199 24 RR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - Web Attacks (IP=199,VN) 103.116.84.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 103.117.132.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CN Hive Case 4237 TO-S-2021-0910 Malicious Reconnaissance Activity 103.117.138.95 32 BMP None 2020-10-11 00:00:00 2021-01-11 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00086 (IP=95,HK) 103.117.212.0 24 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None IN HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity 103.117.232.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.117.32.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.118.168.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.119.167.0 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Suspicious Scan Activity (IP=0,IN) 103.119.228.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.119.58.5 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=5,IN) 103.119.64.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 103.119.67.182 24 RR None 2021-08-18 00:00:00 2021-11-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=182,ID) 103.12.160.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KH TO-S-2020-0298 Malicious Email Activity 103.12.198.91 24 BMP None 2021-01-15 00:00:00 2021-04-15 00:00:00 None 
FTP Login Failed - 6hr Failed Logons (IP=91,PK) 103.12.211.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IN TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 103.12.88.43 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=43,PH) 103.120.135.144 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=144,KH) 103.120.224.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,CN) 103.120.232.0 24 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None ID TO-S-2021-1007 Malware Activity 103.121.122.0 24 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None ID TO-S-2020-0698 Malicious Email Activity 103.121.16.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ID) 103.121.198.0 24 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 103.121.232.0 23 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.121.60.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BD Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.121.89.37 24 FT None 2021-04-08 00:00:00 2021-07-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=37,VN) 103.122.105.165 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ID TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 103.122.109.146 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=146,ID) 103.122.246.24 24 GM None 2021-01-12 00:00:00 2021-04-12 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=24,AU) 103.122.84.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.123.161.0 24 dbc None 2020-02-14 00:00:00 
2021-02-14 00:00:00 None CN TO-S-2020-0298 Malicious Email Activity 103.123.171.0 24 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None BD TO-S-2021-1007 Unknown Malicious Activity 103.123.27.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.124.144.0 22 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=0,ID) 103.124.81.31 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=31,IN) 103.124.94.33 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=33,VN) 103.125.178.161 24 DT None 2021-01-24 00:00:00 2021-04-24 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=161,PK) 103.125.235.23 32 wmp None 2021-03-11 00:00:00 2021-06-11 00:00:00 None ArcSight High Attacker (IP=23,JP) 103.125.27.34 24 KD None 2021-07-13 00:00:00 2021-10-11 00:00:00 None SQL injection- Web Attacks (IP=34,NP) 103.126.28.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 103.126.30.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 103.126.4.0 23 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AF TO-S-2020-0331 Malicious Web Application Activity 103.127.147.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.127.78.134 24 GM None 2021-01-26 00:00:00 2021-04-26 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=134,IN) 103.129.196.171 24 RR None 2020-10-22 00:00:00 2021-01-20 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=171,US) 103.129.212.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BD TO-S-2020-0331 Malicious Web Application Activity 103.129.97.0 24 dbc None 2020-11-19 00:00:00 
2021-11-19 00:00:00 None IN TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 103.129.98.47 32 NAB None 2020-10-28 00:00:00 2021-01-26 00:00:00 None HIVE Case #4192 COLS-NA-TIP-20-0322 (IP=47,IN) 103.129.99.25 32 NAB None 2020-11-16 00:00:00 2021-02-14 00:00:00 None HIVE Case #4316 COLS-NA-TIP-20-0354 (IP=25,IN) 103.13.28.19 24 GM None 2020-11-27 00:00:00 2021-02-27 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Sourcefire (IP=19,TH) 103.13.50.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 103.13.97.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 103.13.97.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 103.130.153.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,MY) 103.130.166.233 24 RT None 2021-07-07 00:00:00 2021-10-05 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire Report (IP=233,ID) 103.130.172.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 103.130.191.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.130.212.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 103.130.216.170 24 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=170,VN) 103.131.24.0 23 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 103.131.51.0 23 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None ID TO-S-2020-0838 Malicious Email Activity 103.131.98.66 24 DT None 2021-03-25 00:00:00 2021-06-23 
00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=66,ID) 103.132.207.21 24 RB None 2021-03-18 00:00:00 2021-06-16 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - Sourcefire (IP=21,IN) 103.133.106.223 24 KD None 2021-06-14 00:00:00 2021-09-13 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=223,VN) 103.133.139.28 24 RW None 2020-11-19 00:00:00 2021-02-19 00:00:00 None Hello Peppa Scan - Fireeye IPS (IP=28,CN) 103.134.133.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.134.135.245 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=245,IN) 103.134.204.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,MM) 103.134.85.77 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=77,ID) 103.135.104.144 24 FT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=144,HK) 103.135.38.0 23 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.135.74.136 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=136,ID) 103.136.82.50 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=50,IN) 103.137.14.54 32 BMP None 2020-12-11 00:00:00 2021-03-11 00:00:00 None Unauthorized Access-Probe - TT# 21C00280 (IP=54,AU) 103.137.184.114 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 103.137.248.0 24 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None IN TO-S-2020-0750 Malicious Email Activity 103.137.72.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 
00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,BD) 103.138.108.0 23 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 103.138.117.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None ID Hive Case 4237 TO-S-2021-0910 Malware Activity 103.138.150.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,BD) 103.138.165.74 24 BMP None 2021-03-23 00:00:00 2021-06-21 00:00:00 None Nuclei Vulnerability Scanner - FireEye (IP=74,BD) 103.138.185.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.138.22.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.138.64.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None MY TO-S-2020-0315 Malware Activity 103.139.102.0 24 TLM None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,VN) 103.139.2.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CN Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 103.139.219.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.139.66.0 23 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.139.69.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,IN) 103.139.89.205 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=205,IN) 103.14.96.0 23 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None IN TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 103.140.104.0 23 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None ID TO-S-2020-0838 Malware Activity 103.141.0.0 23 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HK TO-S-2020-0331 Malware Activity 103.141.188.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 
Malicious Reconnaissance Activity 103.142.24.0 22 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None VN TO-S-2020-0459 Malware Activity 103.143.1.2 24 RR None 2021-06-11 00:00:00 2021-09-09 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Web Attacks (IP=2,BG) 103.143.147.2 24 GM None 2020-10-14 00:00:00 2021-01-14 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=2,NL) 103.143.193.226 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=226,ID) 103.143.208.0 23 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None VN TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 103.143.9.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,IN) 103.144.240.126 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=126,CN) 103.145.13.118 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None Unauthorized Access-Probe//UDP: Host Sweep - TT# 21C00675 (IP=118,NL) 103.145.13.126 32 GM None 2020-10-14 00:00:00 2021-01-14 00:00:00 None Unauthorized Access-Probe - TT 21C00124 (IP=126,NL) 103.145.13.127 32 RR None 2020-10-14 00:00:00 2021-01-14 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TR#21C00125 (IP=127,NL) 103.145.13.129 32 RW None 2020-11-18 00:00:00 2021-02-18 00:00:00 None Unauthorized Access-Probe // UDP: Host Sweep - TT# 21C00236 (IP=129,US) 103.145.13.147 32 RB None 2021-03-01 00:00:00 2021-06-01 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep TT# 21C00540 (IP=147,NL) 103.145.13.222 32 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - 21C01174 (IP=222,NL) 103.145.13.222 32 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - 21C01174 (IP=222,NL) Unauthorized Access-Probe / UDP: Host Sweep - 21C01174 (IP=222,NL) 103.145.13.228 32 RR None 2020-11-20 00:00:00 2021-02-19 00:00:00 None Unauthorized 
Access-Probe / UDP: Host Sweep - TT# 21C00240 (IP=228,NL) 103.145.13.235 32 GM None 2021-04-23 00:00:00 2021-07-23 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - IR# 21C01059 (IP=235,NL) 103.145.13.235 32 GM None 2021-04-23 00:00:00 2021-07-23 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - IR# 21C01059 (IP=235,NL) Unauthorized Access-Probe / UDP: Host Sweep - IR# 21C01059 (IP=235,NL) 103.145.13.247 24 UA None 2021-07-11 00:00:00 2021-10-09 00:00:00 None Unauthorized Access-Probe - TT# 21C01424 (247,NL) 103.145.13.37 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None Unauthorized Access-Probe - TT# 21C00905 (IP=37,NL) 103.145.13.55 32 BMP None 2021-02-02 00:00:00 2021-05-02 00:00:00 None Unauthorized Access-Probe / UDP Host Sweep - TT# 21C00458 (IP=52,NL) 103.145.13.59 32 RW None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Unauthorized Access-Probe - TT# 21C00454 (IP=59,NL) 103.145.13.60 32 DT None 2021-02-03 00:00:00 2021-05-03 00:00:00 None Unauthorized Access-Probe / UDP Host Sweep - TT# 21C00466 (IP=60,NL) 103.145.13.69 32 RW None 2021-02-28 00:00:00 2021-05-28 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00536 (IP=69,NL) 103.145.13.74 32 FT None 2021-03-01 00:00:00 2021-06-01 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep TT# 21C00541 (IP=74,NL) 103.145.13.75 32 RB None 2021-03-01 00:00:00 2021-06-01 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep TT# 21C00539 (IP=75,NL) 103.145.13.77 32 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00561 (IP=77,US) 103.145.13.77 32 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00561 (IP=77,US) 103.145.13.78 32 RR None 2021-03-04 00:00:00 2021-06-02 00:00:00 None Unauthorized Access-Probe - TT# 21C00552 (IP=78,NL) 103.145.13.85 32 FT None 2020-10-03 00:00:00 2021-01-03 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 
21C00017 (IP=85,NL) 103.145.13.97 32 RW None 2020-12-10 00:00:00 2021-03-10 00:00:00 None USAMITCMED_IPS Signature: Unauthorized Access-Probe // UDP: Host Sweep - TT# 21C00276 (IP=97,NL) 103.145.172.58 24 RW None 2021-01-26 00:00:00 2021-04-26 00:00:00 None Authentication Failed - 6hr failed logons (IP=58,IN) 103.145.252.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.145.254.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 103.145.38.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,CN) 103.145.4.241 24 RR None 2020-11-21 00:00:00 2021-02-19 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=241,VN) 103.145.86.29 24 RR None 2020-11-09 00:00:00 2021-02-07 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=29,CN) 103.146.63.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 103.147.12.0 24 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None CN TO-S-2020-0838 Malicious Email Activity 103.147.136.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malware Activity 103.147.185.85 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=85,VN) 103.147.50.107 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None Palo Alto Suspicious Scan Activity (IP=107,ID) 103.148.50.0 23 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None BD TO-S-2020-0838 Malware Activity 103.15.104.15 24 RR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=15,MY) 103.15.51.103 24 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - 6hr Web 
2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 103.31.224.0 24 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None ID TO-S-2020-0750 Malicious Email Activity 103.31.44.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 103.31.82.25 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=25,PK) 103.35.108.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BD TO-S-2020-0303 Malicious Email Activity 103.35.116.0 22 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None CN TO-S-2020-0698 Malicious Reconnaissance Activity 103.36.124.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.36.19.29 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None PH TO-S-2020-0838 Malware Activity 103.36.92.60 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 103.38.12.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IN TO-S-2021-0876 Hive Case 4166 Malware Activity 103.38.196.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NP TO-S-2020-0331 Malware Activity 103.38.20.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None MY Hive Case 4237 TO-S-2021-0910 Malicious Reconnaissance Activity 103.38.83.14 24 RW None 2020-12-27 00:00:00 2021-03-27 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=14,HK) 103.39.208.0 20 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None CN TO-S-2020-0592 Malware Activity 103.39.9.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.4.116.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BD TO-S-2020-0303 Malicious Email Activity 103.4.92.0 22 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None PK TO-S-2021-0876 Hive Case 4166 Malware Activity 
103.40.109.52 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AU TO-S-2020-0331 Malicious Web Application Activity 103.40.138.52 24 BB None 2021-07-31 00:00:00 2021-10-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=52,TH) 103.40.172.173 24 RB None 2021-05-22 00:00:00 2021-08-26 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt (1:54794:2) - SourceFire (IP=173,HK) | updated by BB Block expiration extended with reason SERVER-WEBAPP Zeroshell Linux Router command injection attempt - WebAttacks (IP=173,HK) SERVER-WEB 103.40.172.173 24 RR None 2021-05-23 00:00:00 2021-08-26 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt (1:54794:2) - SourceFire (IP=173,HK) | updated by BB Block expiration extended with reason SERVER-WEBAPP Zeroshell Linux Router command injection attempt - WebAttacks (IP=173,HK) SERVER-WEB 103.40.172.173 24 RR None 2021-05-20 00:00:00 2021-08-26 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt (1:54794:2) - SourceFire (IP=173,HK) | updated by BB Block expiration extended with reason SERVER-WEBAPP Zeroshell Linux Router command injection attempt - WebAttacks (IP=173,HK) SERVER-WEB 103.40.172.173 24 BB None 2021-05-20 00:00:00 2021-08-26 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt (1:54794:2) - SourceFire (IP=173,HK) | updated by BB Block expiration extended with reason SERVER-WEBAPP Zeroshell Linux Router command injection attempt - WebAttacks (IP=173,HK) SERVER-WEB 103.40.172.173 24 RR None 2021-05-28 00:00:00 2021-08-26 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt (1:54794:2) - SourceFire (IP=173,HK) | updated by BB Block expiration extended with reason SERVER-WEBAPP Zeroshell Linux Router command injection attempt - WebAttacks (IP=173,HK) SERVER-WEB 103.40.172.189 24 RB None 2021-05-22 00:00:00 2021-08-20 00:00:00 None SERVER-WEBAPP Zeroshell 
Linux Router command injection attempt - Sourcefire (IP=189,HK) 103.40.172.189 24 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - SourceFire (IP=189,HK) 103.40.247.92 24 RR None 2021-04-26 00:00:00 2021-07-25 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=92,CN) 103.40.28.220 24 FT None 2020-10-03 00:00:00 2021-01-04 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=220,CN) | updated by FT Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=220,CN) 103.41.144.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.41.25.2 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None Palo Alto Suspicious Scan Activity (IP=2,IN) 103.41.36.0 22 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None IN TO-S-2020-0750 Malicious Email Activity 103.42.88.0 22 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None IN TO-S-2021-0941 Hive Case 4361 Malware Activity 103.43.144.26 24 KH None 2021-07-26 00:00:00 2021-10-24 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=26,PG) 103.43.147.91 24 KH None 2021-07-26 00:00:00 2021-10-24 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=91,PG) 103.43.44.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ID) 103.43.65.13 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=13,IN) 103.43.68.0 22 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None HK TO-S-2020-0601 Malicious Web Application Activity 103.44.136.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.44.149.0 24 dbc None 2020-08-24 
00:00:00 2021-08-24 00:00:00 None ID TO-S-2020-0750 Malicious Email Activity 103.44.245.166 24 GM None 2020-11-27 00:00:00 2021-02-27 00:00:00 None SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt - Sourcefire (IP=166,CN) 103.45.103.80 24 DT None 2021-01-07 00:00:00 2021-04-07 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web attacks (IP=80,CN) 103.45.110.153 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=153,CN) 103.45.130.217 24 BB None 2021-05-20 00:00:00 2021-08-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - WebAttacks (IP=217, CN) 103.45.144.0 22 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None CN TO-S-2020-0698 Malicious Reconnaissance Activity 103.45.176.68 24 RB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=68,CN) 103.45.186.176 24 RB None 2020-10-07 00:00:00 2021-01-05 00:00:00 None Hello Peppa Scan - 6hr web attacks (IP=176,CN) 103.45.98.105 24 RR None 2020-10-12 00:00:00 2021-01-10 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=105,CN) 103.46.241.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malware Activity 103.47.104.251 24 GM None 2020-11-12 00:00:00 2021-02-12 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=251,IN) 103.47.168.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.47.17.0 24 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 103.47.192.172 24 BMP None 2021-08-07 00:00:00 2021-11-05 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=172,VN) 103.47.194.31 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=31,VN) 103.47.216.0 22 
dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 103.47.64.145 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=145,IN) 103.47.92.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 103.48.180.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity 103.48.192.0 22 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None VN TO-S-2021-1007 Malicious Email Activity 103.48.44.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 103.49.212.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CN Hive Case 4237 TO-S-2021-0910 Malware Activity 103.50.153.187 24 DT None 2021-03-02 00:00:00 2021-06-02 00:00:00 None Malicious IP - Hive Case 4970 (IP=187,IN) 103.50.164.0 22 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 103.50.4.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.51.20.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.51.217.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,IN) 103.52.216.52 24 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (1:42785:4) (IP=52,CA) 103.52.216.52 24 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (1:42785:4) (IP=52,CA) 103.52.250.147 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=147,IN) 103.53.16.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None AF TO-S-2020-0303 Malicious Email Activity 
103.53.40.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 103.54.141.0 24 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,IN) 103.54.200.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.54.216.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 103.54.28.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 103.54.30.2 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 103.54.43.199 24 GM None 2020-10-14 00:00:00 2021-01-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=19 103.55.144.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BD TO-S-2020-0331 Malicious Web Application Activity 103.55.24.147 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 103.55.33.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,ID) 103.55.36.116 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=116,ID) 103.55.37.0 24 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 103.55.48.7 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=7,TL) 103.55.64.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.56.156.0 22 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None VN TO-S-2020-0838 Malicious Email Activity 103.56.237.0 24 wmp None 2020-09-01 00:00:00 2021-09-17 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,IN) | updated by 
dbc Block expiration extended with reason IN TO-S-2020-0805 Malicious Web Application Activity 103.56.40.0 22 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None IN TO-S-2020-0805 Malicious Email Activity 103.56.84.0 22 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 103.57.87.43 24 KH None 2021-07-12 00:00:00 2021-10-10 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=43,IN) 103.58.148.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 103.58.248.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.58.72.0 22 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,BD) 103.59.100.0 22 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CN TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 103.59.134.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.59.140.67 24 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=,IN) 103.6.204.0 23 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ID) 103.6.206.0 23 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None ID TO-S-2020-0838 Malicious Email Activity 103.6.52.0 23 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=0,ID) 103.60.13.2 32 ABC None 2017-12-22 06:00:00 2021-09-15 00:00:00 None Generic ArcSight scan attempt (IP=2,US) | updated by ABC with reason Generic ArcSight scan attempt (IP=2,US) | updated by CW Block was inactive. 
Reactivated on 20191026 with reason Generic ArcSight scan attempt (IP=2,US) | updated by dbc Block was in 103.60.166.173 24 DT None 2020-10-21 00:00:00 2021-01-21 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=173,CN) 103.60.166.173 24 DT None 2020-10-21 00:00:00 2021-01-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=173,CN) 103.60.172.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BD TO-S-2020-0303 Malicious Email Activity 103.61.100.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.62.140.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BD TO-S-2020-0331 Malicious Web Application Activity 103.64.15.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.65.192.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.66.209.202 32 wmp None 2021-03-01 00:00:00 2021-06-01 00:00:00 None Firepower Suspicious Scan Activity (IP=202,IN) 103.66.216.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.66.232.0 22 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None IN TO-S-2020-0750 Malicious Email Activity 103.66.59.177 24 RR None 2021-01-28 00:00:00 2021-04-29 00:00:00 None Hello Peppa Scan - IPS Events (IP=177,HK) 103.66.77.198 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=198,IN) 103.68.180.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None HK TO-S-2020-0298 Malicious Email Activity 103.68.62.108 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=108,HK) 103.69.110.0 23 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PK TO-S-2020-0331 Malicious Web Application Activity 
103.69.224.209 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=209,IN) 103.7.24.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KH TO-S-2020-0298 Malicious Email Activity 103.70.144.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.70.160.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.70.198.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,IN) 103.70.198.232 24 RR None 2020-11-15 00:00:00 2021-02-13 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - Web Attacks (IP=232,IN ) 103.70.206.0 24 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,IN) 103.70.244.254 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=254,TH) 103.71.23.34 24 BMP None 2020-10-17 00:00:00 2021-01-15 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=34,IN) 103.71.255.6 24 RW None 2021-02-27 00:00:00 2021-05-27 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - Sourcefire (IP=6,ID) 103.71.46.0 23 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=0,BD) 103.71.59.106 32 wmp None 2021-06-15 00:00:00 2021-09-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=106,AF) 103.72.100.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IN TO-S-2021-0876 Hive Case 4166 Malware Activity 103.72.145.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 103.72.147.0 24 dbc None 2020-08-26 00:00:00 2021-08-26 00:00:00 None HK TO-S-2020-0758 Malicious Web Application Activity 103.72.168.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity 103.72.168.254 24 GM None 
2020-10-14 00:00:00 2021-01-14 00:00:00 None FTP Login Failed - Failed Logons (IP=254,IN) 103.72.176.98 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malware Activity 103.72.216.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.72.221.125 32 wmp None 2021-05-10 00:00:00 2021-08-10 00:00:00 None Palo Alto Suspicious Scan Activity (IP=125,IN) 103.73.160.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HK TO-S-2020-0331 Malicious Web Application Activity 103.73.32.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 103.73.64.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None HK TO-S-2020-0315 Malware Activity 103.73.67.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None HK TO-S-2020-0298 Malicious Email Activity 103.74.108.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.74.116.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 103.74.172.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 103.74.192.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HK TO-S-2020-0331 Malicious Web Application Activity 103.74.54.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 103.74.68.122 24 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=122,IN) 103.75.116.0 22 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None HK TO-S-2021-1007 Malicious Web Application Activity 103.75.118.80 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None JP TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 103.75.150.79 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None 
SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=79,ID) 103.75.158.0 24 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None IN TO-S-2021-0989 Hive Case # 4493 Malicious Web Application Activity 103.75.164.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 103.75.166.159 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 103.75.184.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 103.75.32.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.76.12.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 103.76.136.0 22 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=0,IN) 103.76.188.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.76.208.146 24 KH None 2021-07-29 00:00:00 2021-10-27 00:00:00 None Citrix ADC and Citrix Gateway CVE-2019-19781 Code Execution Attempt - FE IPS (IP=146,IN) 103.76.211.212 24 GM None 2020-10-05 00:00:00 2021-01-05 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=212,IN) 103.76.26.91 24 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attack (IP=91,ID) 103.76.87.94 32 NAB None 2020-10-28 00:00:00 2021-01-26 00:00:00 None HIVE Case #4192 COLS-NA-TIP-20-0322 (IP=94,CN) 103.77.156.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 103.77.160.0 22 dbc None 2020-10-22 00:00:00 2021-10-22 00:00:00 None VN TO-S-2021-0901 Malicious Email Activity 103.77.37.184 24 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=184,IN) 103.77.44.0 
22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.77.76.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 103.78.12.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.78.160.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BD Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.78.180.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.78.242.0 24 dbc None 2020-08-26 00:00:00 2021-08-26 00:00:00 None MY TO-S-2020-0758 Malicious Email Activity 103.78.254.186 24 EE None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6 HR Web Attack (IP=186,BD) 103.79.112.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.79.140.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.79.156.0 23 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.79.164.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 103.79.169.155 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 103.79.176.0 22 dbc None 2020-04-30 00:00:00 2021-04-30 00:00:00 None HK TO-S-2020-0331.01 Malicious Email Activity 103.79.35.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.79.53.0 24 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None CN TO-S-2020-0838 Malicious Email Activity 103.79.54.25 24 DT None 2021-02-15 00:00:00 2021-05-15 
00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=25,CN) 103.8.12.100 32 RW None 2020-10-11 00:00:00 2021-01-11 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C00093 (IP=100,ID) 103.8.162.96 24 BMP None 2020-10-11 00:00:00 2021-01-11 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=96,MY) 103.8.249.129 24 EE None 2021-04-15 00:00:00 2021-07-15 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attack (IP=129,IN) | updated by RB Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=129,IN) 103.8.249.157 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=157,IN) 103.8.49.92 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None JP TO-S-2020-0493 Malware Activity 103.80.25.18 24 DT None 2021-01-11 00:00:00 2021-04-11 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=18,CN) 103.81.105.230 24 RW None 2021-04-18 00:00:00 2021-07-18 00:00:00 None SQL injection - Web attacks (IP=230,BD) 103.81.115.0 24 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,MM) 103.81.115.43 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=43,MM) 103.81.139.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.81.169.192 24 GM None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=192,CN) 103.81.213.95 24 GM None 2021-01-07 00:00:00 2021-04-07 00:00:00 None File /etc/passwd Access Attempt Detect - FireEye CMS (IP=95,IN) 103.82.144.197 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=197,IN) 103.82.184.64 32 srm None 2021-02-05 
00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=64,IN) 103.82.210.0 23 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity 103.82.32.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None VN TO-S-2020-0315 Malware Activity 103.82.55.16 32 BMP None 2020-10-11 00:00:00 2021-01-11 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 21C00092 (IP=16,CN) 103.82.78.182 24 RB None 2021-05-23 00:00:00 2021-08-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=182,IN) 103.82.98.151 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=151,IN) 103.83.108.0 22 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None IN TO-S-2021-0941 Hive Case 4361 Malware Activity 103.83.174.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ID TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 103.83.36.101 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 103.83.4.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.83.81.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 103.83.93.0 24 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None ID TO-S-2021-0941 Hive Case 4361 Malware Activity 103.84.108.0 22 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None HK TO-S-2020-0592 Malware Activity 103.84.164.0 23 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.84.235.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ID TO-S-2021-0876 Hive Case 4166 Malware Activity 103.84.240.246 24 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=246,IN) 103.84.241.248 24 GM None 2021-01-28 00:00:00 2021-04-28 00:00:00 
None Generic URI Injection wget Attempt - FireEye CMS (IP=248,IN) 103.84.93.19 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=19,CN) 103.85.10.72 24 BMP None 2020-10-15 00:00:00 2021-01-13 00:00:00 None FTP Login Failed - 6hr Failed Login (IP=72,IN) 103.85.8.0 24 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 103.85.84.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.86.177.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,IN) 103.86.180.113 24 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt (IP=113,IN) 103.86.180.113 24 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Source Fire (IP=113,IN) 103.86.180.115 24 RW None 2021-02-28 00:00:00 2021-05-28 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - web attacks (IP=115,IN) 103.87.104.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity 103.87.168.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 103.87.173.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,IN) 103.87.214.93 32 wmp None 2021-06-02 00:00:00 2021-09-02 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=93,BD) 103.87.24.204 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=204,IN) 103.87.47.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.87.69.0 24 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None MN TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 103.87.8.143 24 GM None 
2021-01-02 00:00:00 2021-04-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=143,HK) 103.88.122.74 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=74,VN) 103.88.132.0 22 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,IN) 103.89.0.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 103.89.24.33 24 BMP None 2020-10-24 00:00:00 2021-01-21 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=33,BD) 103.89.56.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.9.124.0 22 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=0,ID) 103.9.227.5 24 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logon (IP=5,ID) 103.9.231.118 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=118,WS) 103.9.78.19 32 wmp None 2020-10-22 00:00:00 2021-01-20 00:00:00 None HIVE Case #4172 CTO-20-295 (IP=19,VN) 103.90.203.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 103.90.204.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.90.22.0 24 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None VN TO-S-2020-0698 Malware Activity 103.90.220.0 22 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None VN TO-S-2021-1007 Unknown Malicious Activity 103.90.228.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN) 103.90.251.57 24 RW None 2021-09-30 00:00:00 2021-12-29 00:00:00 None HTTP: WordPress Portable 
phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=57,ID) 103.90.46.0 24 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 103.90.73.70 24 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13)- Source fire (IP=70,IN) 103.91.123.92 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=92,IN) 103.91.127.149 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=149,IN) 103.91.17.213 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=213,IN) 103.91.245.11 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=11,IN) 103.91.245.13 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=13,IN) 103.91.245.16 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=16,IN) 103.91.245.23 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=23,IN) 103.91.245.25 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=25,IN) 103.91.245.27 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=27,IN) 103.91.245.28 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=28,IN) 103.91.245.3 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=3,IN) 103.91.245.30 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=30,IN) 103.91.245.32 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=32,IN) 103.91.245.41 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=41,IN) 103.91.245.44 32 srm None 
2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=44,IN) 103.91.245.46 32 srm None 2021-02-02 00:00:00 2021-05-03 00:00:00 None Firepwer Suspicious Scan Activity (IP=46,IN) 103.91.245.47 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=47,IN) 103.91.245.49 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=49,IN) 103.91.245.54 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=54,IN) 103.91.245.62 32 wmp None 2021-02-10 00:00:00 2021-05-10 00:00:00 None Firepower Suspicious Scan Activity (IP=62,IN) 103.91.62.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.91.76.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 103.92.28.0 22 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None VN TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 103.93.16.0 23 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.93.175.94 24 GM None 2021-01-12 00:00:00 2021-04-12 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Sourcefire (IP=94,IN) 103.94.120.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 103.94.135.0 24 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None BD TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 103.94.171.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,ID) 103.94.181.81 32 FT None 2020-10-04 00:00:00 2021-01-04 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 21C00028 (IP=81,CN) 103.95.110.178 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AU TO-S-2020-0298 Malicious Email Activity 103.95.234.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN 
TO-S-2020-0298 Malicious Email Activity 103.95.48.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 103.96.43.138 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=138,IN) 103.96.48.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 103.96.72.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None HK TO-S-2020-0298 Malicious Email Activity 103.98.17.0 24 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=0,TW) 103.99.207.219 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=219,IN) 104.123.20.6 32 wmp None 2020-07-17 00:00:00 2021-08-24 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=6,NL) | updated by wmp Block expiration extended with reason HIVE Case #3374 COLS-NA-TIP-20-0228 (IP=6,NL) | updated by wmp Block expiration extended with reason HIVE Case #3601 COLS-NA-TIP-20-026 104.128.78.3 32 RR None 2021-09-23 00:00:00 2021-12-22 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01935(IP=3,US) 104.129.0.124 32 wmp None 2020-06-22 00:00:00 2021-08-24 00:00:00 None HIVE Case #3071 COLS-NA-TIP-20-0188 (IP=124,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0750 Malicious Email Activity 104.129.0.125 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.129.194.85 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=85,US) 104.129.196.198 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=198,US) 104.129.196.209 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=209,US) 104.129.204.134 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=134,US) 104.129.206.85 32 GLM 
None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=85,US) 104.129.25.8 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 104.129.25.9 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 104.130.211.29 32 NAB None 2021-01-27 00:00:00 2021-04-27 00:00:00 None HIVE Case #NA FP Security (IP=29,US) 104.130.80.227 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 104.131.0.18 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 104.131.0.47 32 GM None 2020-10-05 00:00:00 2021-01-05 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - Web Attacks (IP=47,US) 104.131.1.0 24 KH None 2021-08-04 00:00:00 2021-11-02 00:00:00 None Self Report/ ColdFusion Error/Bulk IP Block - TT# 21C01516 (IP=0,US) 104.131.103.37 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 104.131.108.54 32 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire(IP=54,US) 104.131.11.42 32 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=42,US) 104.131.111.129 32 CR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=129,US) 104.131.111.135 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=135,US) 104.131.111.171 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=171,US) 104.131.111.181 32 BMP None 2021-04-30 00:00:00 2021-07-30 00:00:00 None SQL injection - 6hr Web Attacks (IP=181,US) | updated by RB Block expiration extended with reason File /etc/passwd Access Attempt Detect - FireEye IPS Events (IP=181,US) 
104.131.111.231 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SERVER-WEBAPP Apache Tomcat FileStore directory traversal attempt - 6hr Web Attacks (IP=231,US) 104.131.111.240 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=240,US) 104.131.111.65 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=65,US) 104.131.111.68 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=68,US) 104.131.111.8 32 RW None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - Web attacks (IP=8,US) 104.131.111.98 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=98,US) 104.131.112.115 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=115,US) 104.131.112.138 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=138,US) 104.131.112.142 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=142,US) 104.131.112.182 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=182,US) 104.131.112.227 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=227,US) 104.131.112.249 32 RW None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - Web attacks (IP=249,US) 104.131.112.40 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=40,US) 104.131.112.72 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=72,US) 104.131.113.108 32 RW None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - Web attacks (IP=108,US) 104.131.113.142 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=142,US) 104.131.113.157 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr 
Web Attacks (IP=157,US) 104.131.113.161 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=161,US) 104.131.113.17 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None Artica Web Proxy SQL Injection Vulnerability - 6hr Web Attacks (IP=17,US) 104.131.113.186 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None HTTP: Joomla SQL Injection Vulnerability (CVE-2017-8917) - 6hr Web Attacks (IP=186,US) 104.131.113.35 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=35,US) 104.131.113.43 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=43,US) 104.131.113.96 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=96,US) 104.131.114.165 32 FT None 2021-04-14 00:00:00 2021-07-13 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=165,US) 104.131.114.195 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=195,US) 104.131.114.232 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=232,US) 104.131.114.88 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=88,US) 104.131.114.97 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=97,US) 104.131.115.125 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=125,US) 104.131.115.139 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=139,US) 104.131.115.152 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=152,US) 104.131.115.191 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=191,US) 104.131.115.20 32 BMP None 
2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=20,US) 104.131.115.233 32 RR None 2021-02-26 00:00:00 2021-05-27 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Web Attacks (IP=233,US) 104.131.115.33 32 RR None 2021-02-26 00:00:00 2021-05-27 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=33,US) 104.131.115.44 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=44,US) 104.131.116.149 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=149,US) 104.131.116.28 32 RW None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - Web attacks (IP=28,US) 104.131.117.143 32 RW None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - Web attacks (IP=143,US) 104.131.118.131 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=131,US) 104.131.118.31 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=31,US) 104.131.118.44 32 RW None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - Web attacks (IP=44,US) 104.131.118.71 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=71,US) 104.131.119.242 32 RW None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - Web attacks (IP=242,US) 104.131.120.22 32 RW None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - Web attacks (IP=22,US) 104.131.120.234 32 RR None 2021-02-26 00:00:00 2021-05-27 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Web Attacks (IP=234,US) 104.131.120.39 32 RW None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - Web attacks (IP=39,US) 104.131.120.41 32 RR None 2021-02-26 00:00:00 2021-05-27 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - Web Attacks (IP=41,US) 104.131.120.84 
32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=84,US) 104.131.129.79 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 104.131.13.32 32 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=32,US) 104.131.13.68 32 RB None 2021-04-12 00:00:00 2021-07-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=68,US) 104.131.14.162 32 RW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP WordPress get_post authentication bypass attempt - SourceFire (IP=162,US) 104.131.15.191 32 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=191,US) 104.131.164.101 32 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attack (IP=101,US) 104.131.166.216 32 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=216,US) 104.131.171.181 32 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) -SourceFire (IP=181,US) 104.131.175.170 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None SQL injection (IP=170,US) 104.131.177.84 32 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=84,US) 104.131.186.32 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00589 (IP=32,US) 104.131.212.234 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 104.131.215.9 32 GM None 2020-11-10 00:00:00 2021-02-10 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=9,US) 104.131.33.4 32 RB 
None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=4,US) 104.131.38.81 32 RR None 2020-10-12 00:00:00 2021-01-10 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - Web Attacks (IP=81,US) 104.131.40.51 32 AR None 2021-08-22 00:00:00 2021-11-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6Hr Web Attack (IP=51,US) 104.131.41.185 32 CR None 2020-04-30 00:00:00 2021-10-21 00:00:00 None associated with known threat actors (IP=185,US) | updated by dbc Block was inactive. Reactivated on 20201021 with reason US TO-S-2021-0876 Hive Case 4166 Malware Activity 104.131.43.102 32 BMP None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=12,US) 104.131.44.150 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 104.131.53.32 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 104.131.54.44 32 RW None 2021-03-10 00:00:00 2021-06-28 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=44,US) | updated by RB Block expiration extended with reason SERVER-WEBAPP Atvise denial of service attempt - 6hr web attacks (IP=44,US) | updated by BMP Block expiration extended with reason Arti 104.131.6.4 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=4,US) 104.131.62.14 32 CR None 2021-01-06 00:00:00 2021-04-06 00:00:00 None Masscan TCP Port Scanner - IPS Events (IP=14,US) 104.131.7.177 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 104.131.78.60 32 BMP None 2021-03-13 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=60,US) | updated by BMP Block expiration extended with reason HTTP: ThinkPHP CMS Getshell 
Vulnerability - 6hr Web Attacks (IP=60,US) 104.131.82.165 32 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=165,US) 104.131.94.215 32 RR None 2020-12-17 00:00:00 2021-03-18 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=215,US) 104.140.188.10 32 GM None 2019-06-29 00:00:00 2021-08-16 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=10,US) | updated by EE Block was inactive. Reactivated on 20210206 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=10,US) | updated b 104.140.188.14 32 RW None 2019-11-23 00:00:00 2021-08-24 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=14,US) | updated by CR Block was inactive. Reactivated on 20210511 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=14,US) | updated by SW Block expiration ext 104.140.188.2 32 RW None 2021-03-10 00:00:00 2021-09-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=2,US) | updated by AR Block was inactive. Reactivated on 20210609 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sour 104.140.188.22 32 GM None 2019-12-07 00:00:00 2021-08-11 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=22,US) | updated by CR Block was inactive. Reactivated on 20210511 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=22,US) 104.140.188.26 32 EE None 2021-02-07 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string (1:42785:4) - SourceFire (IP=26,US) | updated by CR Block was inactive. 
Reactivated on 20210511 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=26,US) 104.140.188.30 32 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=30,US) 104.140.188.34 32 EE None 2021-01-22 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=34,US) | updated by UA Block was inactive. Reactivated on 20210518 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - So 104.140.188.38 32 EE None 2021-03-10 00:00:00 2021-06-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=38,US) 104.140.188.42 32 BMP None 2021-03-16 00:00:00 2021-08-20 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=42,US) | updated by SW Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=42,TH 104.140.188.54 32 EE None 2021-01-21 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SoureFire (IP=54,US) | updated by CR Block was inactive. 
Reactivated on 20210511 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt_Source 104.140.188.58 32 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=58,US) 104.140.188.6 32 EE None 2021-02-27 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=6,US) | updated by UA Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=6,US 104.140.20.14 32 WR None 2021-07-12 00:00:00 2021-10-10 00:00:00 None Unauthorized Access-Probe - TT# 21C01388 (IP=14,US) 104.143.147.99 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity 104.143.64.238 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=238,US) 104.144.160.192 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SQL injection - Web Attacks (IP=192,CA) 104.145.233.190 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 104.148.105.2 32 RW None 2019-07-13 00:00:00 2021-04-23 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - RCC Block (IP=2, US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 104.148.105.3 32 RW None 2019-07-20 00:00:00 2021-04-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=3,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 104.148.87.122 32 RB None 2019-07-13 00:00:00 2021-04-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_12 hr web attacks (IP=122 US) | updated by dbc Block was inactive. 
Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 104.149.134.118 32 RW None 2021-03-10 00:00:00 2021-06-08 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00667 (IP=118,US) 104.149.216.190 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 104.152.109.129 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 104.152.110.26 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=26,US) 104.152.168.28 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=28,CA) 104.152.52.18 32 AR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=18,US) 104.152.52.22 32 RR None 2019-01-02 06:00:00 2021-08-27 00:00:00 None Unauthorized Access-Probe - TT# 19C00768 (IP=22,US) | updated by CR Block was inactive. Reactivated on 20201230 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=22,US) | updated by AR Block was inactiv 104.152.52.22 32 AR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None Unauthorized Access-Probe - TT# 19C00768 (IP=22,US) | updated by CR Block was inactive. Reactivated on 20201230 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=22,US) | updated by AR Block was inactiv 104.152.52.23 32 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None Unauthorized Access-Probe 19C00844 (IP=23,US) | updated by CR Block was inactive. Reactivated on 20201230 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=23,US) | updated by ZH Block was inactive. 
Reac 104.152.52.23 32 GM None 2019-01-10 06:00:00 2021-09-25 00:00:00 None Unauthorized Access-Probe 19C00844 (IP=23,US) | updated by CR Block was inactive. Reactivated on 20201230 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=23,US) | updated by ZH Block was inactive. Reac 104.152.52.24 32 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (IP=24,US) | updated by WR Block was inactive. Reactivated on 20210626 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) 104.152.52.24 32 RB None 2018-12-02 06:00:00 2021-09-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (IP=24,US) | updated by WR Block was inactive. Reactivated on 20210626 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) 104.152.52.26 32 GLM None 2019-01-02 06:00:00 2021-02-14 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=26,US) | updated by dbc Block was inactive. Reactivated on 20200214 with reason US TO-S-2020-0298 Malicious Email Activity 104.152.52.27 32 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=27,US) | updated by BMP Block was inactive. Reactivated on 20200406 with reason Known Attack Tool User Agent V2 - TT# 20C02388 (IP=27,US) | updated by ZH Block was inactive. Re 104.152.52.27 32 GLM None 2019-01-14 06:00:00 2021-09-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=27,US) | updated by BMP Block was inactive. Reactivated on 20200406 with reason Known Attack Tool User Agent V2 - TT# 20C02388 (IP=27,US) | updated by ZH Block was inactive. 
Re 104.152.52.30 32 KD None 2021-05-28 00:00:00 2021-08-27 00:00:00 None Unauthorized Access-Probe - TT# 19C00743 (IP=30,US) | updated by KD Block was inactive. Reactivated on 20210528 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=30,US) INDICATOR-SCAN DNS version.bind stri 104.152.52.30 32 RR None 2019-01-01 06:00:00 2021-08-27 00:00:00 None Unauthorized Access-Probe - TT# 19C00743 (IP=30,US) | updated by KD Block was inactive. Reactivated on 20210528 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=30,US) INDICATOR-SCAN DNS version.bind stri 104.152.52.31 32 GLM None 2019-01-14 06:00:00 2021-04-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=31,US) | updated by BP Block was inactive. Reactivated on 20191126 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=31,US) | updated by CR 104.152.52.31 32 dbc None 2020-02-14 00:00:00 2021-04-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=31,US) | updated by BP Block was inactive. Reactivated on 20191126 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=31,US) | updated by CR 104.152.52.32 32 GM None 2020-03-22 00:00:00 2021-10-07 00:00:00 None Known Attack Tool User Agent - TT# 20C02197 (IP=32,US) | updated by RT Block was inactive. Reactivated on 20210709 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=32,US) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=32,US) 104.152.52.32 32 RT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None Known Attack Tool User Agent - TT# 20C02197 (IP=32,US) | updated by RT Block was inactive. 
Reactivated on 20210709 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=32,US) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=32,US) 104.152.52.33 32 RT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=33,US) | updated by FT Block was inactive. Reactivated on 20210114 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP= | updated by RT Block was inactive. Reactivated on 20210709 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=33,US) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=33,US) 104.152.52.33 32 GLM None 2019-01-02 06:00:00 2021-10-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=33,US) | updated by FT Block was inactive. Reactivated on 20210114 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP= | updated by RT Block was inactive. Reactivated on 20210709 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=33,US) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=33,US) 104.152.52.34 32 GM None 2019-01-27 00:00:00 2021-10-19 00:00:00 None Unauthorized Access-Probe 19C00992 (IP=34,US) | updated by GM Block was inactive. Reactivated on 20200323 with reason Known Attack Tool User Agent / HTTP: Masscan Scanner Traffic Detected - TT# 20C02199 (IP=34,US) | updated by RT Block was inactive. 
Reactivated on 20210721 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=34,US) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=34,US) 104.152.52.34 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None Unauthorized Access-Probe 19C00992 (IP=34,US) | updated by GM Block was inactive. Reactivated on 20200323 with reason Known Attack Tool User Agent / HTTP: Masscan Scanner Traffic Detected - TT# 20C02199 (IP=34,US) | updated by RT Block was inactive. Reactivated on 20210721 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=34,US) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=34,US) 104.152.52.34 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=34,US) 104.152.52.37 32 AR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - sourcefire (IP=37,US) | updated by AR Block was inactive. Reactivated on 20210529 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - So 104.152.52.37 32 FT None 2020-08-03 00:00:00 2021-08-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - sourcefire (IP=37,US) | updated by AR Block was inactive. Reactivated on 20210529 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - So 
104.152.52.38 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 104.152.52.39 32 CR None 2019-01-03 06:00:00 2021-10-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=39,US) | updated by EE Block was inactive. Reactivated on 20210315 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=39 | updated by RT Block was inactive. Reactivated on 20210721 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=39,US) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=39,US) 104.152.52.39 32 EE None 2021-03-15 00:00:00 2021-10-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=39,US) | updated by EE Block was inactive. Reactivated on 20210315 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=39 | updated by RT Block was inactive. Reactivated on 20210721 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=39,US) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=39,US) 104.152.52.39 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=39,US) | updated by EE Block was inactive. Reactivated on 20210315 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=39 | updated by RT Block was inactive. 
Reactivated on 20210721 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=39,US) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=39,US) 104.152.52.39 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=39,US) 104.152.59.121 32 EE None 2020-12-01 00:00:00 2021-03-01 00:00:00 None SSH User Authentication Brute Force Attempt - Failed Logons (IP=121,US) 104.154.233.24 32 DT None 2021-08-04 00:00:00 2021-11-02 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=24,US) 104.155.104.6 24 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=6,BE) 104.155.137.238 24 RR None 2020-10-15 00:00:00 2021-01-13 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=238,BG) 104.155.154.228 32 BMP None 2020-10-30 00:00:00 2021-01-30 00:00:00 None HTTP SQL Injection Attempt - 6hr Web Atacks (IP=228,US) 104.156.226.64 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 104.156.246.112 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 104.156.48.44 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 104.156.49.155 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 104.156.58.14 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 104.156.59.38 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 104.156.62.133 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious 
Email Activity 104.159.165.46 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=46,US) 104.16.152.130 32 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None Intrusion Event Record - 21C01157(IP=130,US) 104.16.208.155 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malware Activity 104.16.223.2 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 104.16.224.2 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 104.16.232.163 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None US TO-S-2020-0236 Malicious Email Activity 104.16.53.111 32 dbc None 2020-08-24 00:00:00 2021-04-02 00:00:00 None US TO-S-2020-0750 Malicious Email Activity | Unblock per CTO-21-091 104.16.95.31 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0322 Malware Activity 104.16.96.31 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0322 Malware Activity 104.161.20.170 32 RR None 2021-03-26 00:00:00 2021-06-29 00:00:00 None Self Report/ High Mitigated Traffic - TT# 21C00848 (IP=170,US) | updated by RR Block expiration extended with reason SPAM - Case # 5138 (IP=170,US) 104.161.32.175 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=175,US) 104.168.104.163 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 104.168.11.11 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=11,US) 104.168.137.8 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 104.168.139.71 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=71,US) 104.168.14.113 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=113,US) 
104.168.14.123 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=123,US) 104.168.14.4 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=4,US) 104.168.140.28 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=28,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=28,US) 104.168.144.23 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 104.168.147.37 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=37,US) 104.168.151.164 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 104.168.152.247 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=247,US) 104.168.159.3 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=3,US) 104.168.161.224 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 104.168.169.68 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 104.168.173.144 32 EE None 2021-01-09 00:00:00 2021-04-09 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6 HR Web Attack (IP=144,US) 104.168.176.245 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=245,US) 104.168.188.85 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 104.168.200.138 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=138,US) 104.168.201.236 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 104.168.214.86 32 NAB None 2021-03-08 00:00:00 2021-06-06 00:00:00 None HIVE Case #5021 
TO-S-2021-1116 COLS-NA-TIP-21-0047 (IP=86,US) 104.168.236.186 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 104.168.28.199 32 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=199,US) 104.168.46.164 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 104.168.88.123 32 GM None 2020-11-22 00:00:00 2021-02-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=23,US) 104.168.89.77 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=77,US) 104.168.96.118 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=118,US) 104.17.166.186 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 104.17.167.186 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 104.17.184.108 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 104.17.91.109 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity 104.171.23.70 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 104.18.0.145 32 wmp None 2020-07-07 00:00:00 2021-07-29 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=145,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0698 Malicious Email Activity 104.18.1.145 32 JKC None 2021-06-08 00:00:00 2021-06-08 00:00:00 None Malicious IP Hive Case 2977 TIPPER 20-0172 (ip=145, US) 104.18.156.3 32 GED None 2020-12-04 00:00:00 2021-03-04 00:00:00 None HIVE Case #NA FP CIO Policy (IP=3,US) 104.18.23.207 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.18.26.114 32 dbc None 2020-06-10 
00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 104.18.32.132 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 104.18.32.138 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 104.18.39.20 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 104.18.39.230 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 104.18.41.88 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.18.42.162 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity 104.18.42.44 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Email Activity 104.18.42.55 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.18.44.216 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.18.46.162 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 104.18.47.184 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.18.47.200 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.18.48.77 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.18.48.87 32 NAB None 2021-01-07 00:00:00 2021-04-07 00:00:00 None HIVE Case #NA FP Security (IP=87,US) 104.18.49.167 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 104.18.49.185 32 dbc None 2020-05-21 00:00:00 
2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity 104.18.50.166 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.18.50.231 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.18.52.178 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None US TO-S-2020-0236 Malicious Email Activity 104.18.52.221 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=221, US) 104.18.54.1 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 104.18.56.166 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 104.18.56.60 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 104.18.61.113 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity 104.18.63.182 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 104.18.97.60 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 104.19.247.53 32 JKC None 2021-06-08 00:00:00 2021-06-08 00:00:00 None Malicious IP Hive Case 2977 TIPPER 20-0172 (ip=53, US) 104.192.0.98 32 UA None 2021-07-21 00:00:00 2021-10-19 00:00:00 None SQL injection- 6 hour web attacks (IP=98,US) 104.193.142.80 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 104.193.143.56 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 104.193.172.111 32 wmp None 2020-08-31 00:00:00 2021-10-29 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=111,CA) | updated by dbc Block expiration extended with reason CA Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 104.193.252.197 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 
None HIVE Case #5629 TO-S-2021-1303 (IP=197,US) 104.193.31.24 32 BMP None 2020-10-19 00:00:00 2021-01-17 00:00:00 None FTP Login Failed - 6hr Failed Logon (IP=24,US) 104.194.10.5 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 104.194.9.167 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 104.194.9.169 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=169,US) 104.197.203.42 32 SW None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-OBFUSCATION obfuscated javascript excessive fromCharCode - potential attack - TT# 21C01225 ^^(IP=42, US) 104.198.187.86 32 BMP None 2021-05-04 00:00:00 2021-08-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=86,US) 104.198.188.170 24 BMP None 2021-06-15 00:00:00 2021-09-13 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (1:56800:3) - SourceFire (IP=17,MA) 104.199.173.30 24 BMP None 2021-09-09 00:00:00 2021-12-08 00:00:00 None SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt (1:44388:6) - SourceFire (IP=30,TW) 104.199.20.230 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None Command Injection (IP=230,BE) 104.199.205.173 24 RW None 2021-09-16 00:00:00 2021-12-15 00:00:00 None SQL injection - Web Attacks (IP=173,TW) 104.199.226.38 24 FT None 2021-04-25 00:00:00 2021-07-25 00:00:00 None SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt - 6hr web attacks (IP=38,TW) 104.199.233.102 24 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=102,TW) 104.199.242.237 24 FT None 2021-04-08 00:00:00 2021-07-07 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution 
attempt (1:46316:5) - Sourcefire (IP=237,TW) 104.20.44.205 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 104.20.45.205 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 104.20.57.30 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 104.20.58.30 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 104.200.134.161 32 RB None 2019-06-28 00:00:00 2021-02-14 00:00:00 None Known Attack Tool User Agent / UDS-User_Agent_Morfeus_Scanner_RC5015175 - TT#19C02426 (IP=161,US) | updated by RB with reason Known Attack Tool User Agent - TT# 20C00408 (IP=161,US) | updated by dbc Block was inactive. Reactivated on 20200214 with reas 104.200.144.19 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 104.200.151.152 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=152,CA) 104.200.151.88 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=88,CA) 104.200.16.91 32 wmp None 2020-09-22 00:00:00 2021-10-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=91,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 104.200.23.95 32 NAB None 2021-01-22 00:00:00 2021-04-22 00:00:00 None HIVE Case #NA FP Security (IP=95,US) 104.200.28.80 32 RR None 2020-11-21 00:00:00 2021-02-19 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=80,US) 104.200.29.140 32 RW None 2021-03-06 00:00:00 2021-06-06 00:00:00 None POLICY-OTHER PHP uri tag injection attempt - Sourcefire (IP=140,US) 104.200.96.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,BB) 104.201.29.98 32 BMP None 2020-10-28 00:00:00 2021-01-26 00:00:00 None HTTP: Detect PHP-CGI 
Remote code Execution vulnerability - 6hr Web Attacks (IP=98,US) 104.206.128.10 32 EE None 2021-01-22 00:00:00 2021-08-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=10,US) | updated by BMP Block was inactive. Reactivated on 20210514 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:4 104.206.128.10 32 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=10,US) | updated by BMP Block was inactive. Reactivated on 20210514 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:4 104.206.128.14 32 EE None 2021-02-07 00:00:00 2021-05-07 00:00:00 None INDICATOR-SCAN DNS version.bind string (1:42785:4) - SourceFire (IP=14,US) 104.206.128.18 32 EE None 2021-01-26 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=18,US) | updated by UA Block was inactive. Reactivated on 20210518 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - S 104.206.128.18 32 UA None 2021-05-18 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=18,US) | updated by UA Block was inactive. Reactivated on 20210518 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - S 104.206.128.2 32 UA None 2021-05-18 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=2,US) 104.206.128.22 32 EE None 2021-01-21 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SoureFire (IP=22,US) | updated by UA Block was inactive. 
Reactivated on 20210518 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sou 104.206.128.22 32 UA None 2021-05-18 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SoureFire (IP=22,US) | updated by UA Block was inactive. Reactivated on 20210518 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sou 104.206.128.26 32 EE None 2021-02-06 00:00:00 2021-05-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=26,US) 104.206.128.38 24 BMP None 2021-02-13 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=38,US) | updated by BMP Block was inactive. Reactivated on 20210518 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:4 104.206.128.50 32 UA None 2021-05-18 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=50,US) 104.206.128.62 32 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=62,US) 104.206.128.70 32 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=70,US) 104.206.128.74 32 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=74,US) 104.206.128.78 32 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=78,US) 104.206.225.254 32 wmp None 2020-08-05 00:00:00 2021-09-17 00:00:00 None HIVE Case #3479 COLS-NA-TIP-20-0246 (IP=254,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity 104.206.98.10 32 EE 
None 2021-01-22 00:00:00 2021-04-22 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=10,US) 104.207.129.139 32 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=139,US) 104.207.198.60 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=60,US) 104.207.254.42 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 104.209.151.115 32 GM None 2020-11-04 00:00:00 2021-02-04 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - Sourcefire (IP=115,US) 104.21.69.79 32 NAB None 2021-05-11 00:00:00 2021-11-11 00:00:00 None HIVE Case #5422 DARKSIDE Ransomware (IP=79,US) 104.210.147.50 32 KH None 2021-07-29 00:00:00 2021-10-27 00:00:00 None Possible Cross-site Scripting Attack - FE IPS (IP=50,US) 104.211.72.132 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=132,IN) 104.214.104.206 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=206,US) 104.214.105.42 32 KH None 2021-07-19 00:00:00 2021-10-17 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=42,US) 104.214.110.48 32 KD None 2021-08-26 00:00:00 2021-11-24 00:00:00 None Command Injection (IP=48,US) 104.214.116.242 32 ABC None 2021-09-16 00:00:00 2021-12-15 00:00:00 None T1190 - Command Injection,SQL Injection (IP=242,US) 104.214.119.79 32 ZH None 2021-07-29 00:00:00 2021-10-28 00:00:00 None Web server exploit attempts Case 5893 - Fireeye Web (IP=79,US) | updated by BB Block expiration extended with reason Command Injection - ABC Report (IP=79,US) 104.215.79.111 32 BMP None 2021-05-25 00:00:00 2021-08-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=111,US) 104.217.254.74 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=74,US) 104.219.232.58 32 wmp None 2020-08-25 00:00:00 
2021-10-08 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=58,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=58,US) 104.219.234.53 32 RR None 2020-03-03 00:00:00 2021-03-24 00:00:00 None TCP: SYN Host Sweep (IP=53,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0369 Malicious Email Activity 104.219.248.115 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=115,US) 104.219.248.119 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 104.219.248.46 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 104.219.248.48 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 104.219.248.64 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 104.219.248.9 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=9,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=9,US) 104.219.42.114 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 104.223.104.211 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=211,US) 104.223.104.214 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=214,US) 104.223.250.19 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 104.223.250.23 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=23,US) 104.223.62.200 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 104.223.9.123 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious 
Email Activity 104.223.95.50 32 BMP None 2021-02-16 00:00:00 2021-05-15 00:00:00 None SERVER-WEBAPP Cisco Ultra Services Framework command injection attempt - 6hr Web Attacks (IP=50,US) 104.225.219.211 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 104.225.222.72 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 104.227.245.154 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None CA TO-S-2020-0236 Malicious Email Activity 104.233.163.238 32 wmp None 2020-09-22 00:00:00 2021-10-29 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=238,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 104.236.1.164 32 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=164,US) 104.236.11.165 32 EE None 2021-04-06 00:00:00 2021-07-06 00:00:00 None Webshell.Binary.php.FEC2 - Hive Case 5189 (IP=165,US) 104.236.120.134 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 104.236.131.142 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.236.168.190 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 104.236.215.3 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 104.236.26.100 32 wmp None 2021-02-11 00:00:00 2021-05-11 00:00:00 None Firepower Suspicious Scan Activity (IP=100,US) 104.236.26.91 32 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=91,US) 104.236.29.163 32 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=163,US) 104.236.31.145 32 EE None 2021-03-19 
00:00:00 2021-06-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=145,US)
104.236.31.147 32 DT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=147,US)
104.236.37.149 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
104.236.41.104 32 GM None 2021-01-03 00:00:00 2021-04-03 00:00:00 None SERVER-WEBAPP Atvise denial of service attempt - Web Attacks (IP=104,US)
104.236.42.221 32 GM None 2021-04-03 00:00:00 2021-07-03 00:00:00 None SERVER-WEBAPP Java XML deserialization remote code execution attempt - Web Attacks (IP=221,US)
104.236.43.5 32 RR None 2021-06-05 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=5,US)
104.236.45.171 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
104.236.47.208 32 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) Web Attack (IP=208,US)
104.236.5.15 32 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=,US)
104.236.52.89 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity
104.236.60.185 32 BMP None 2021-07-16 00:00:00 2021-10-14 00:00:00 None Malicious.SSL.Generic - Hive Case 5786 (IP=185,US)
104.236.62.24 32 FT None 2021-04-16 00:00:00 2021-07-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=24,US)
104.236.68.216 32 EE None 2021-04-13 00:00:00 2021-07-12 00:00:00 None SERVER-WEBAPP Hikvision IP camera admin authentication attempt - Web Attack (IP=216,US)
104.236.75.62 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
104.236.77.223 32 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=223,US)
104.236.78.250 32 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=250,US)
104.236.90.31 32 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=31,US)
104.236.96.226 32 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=226,US)
104.236.97.164 32 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=164,US)
104.236.97.188 32 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=188,US)
104.236.98.109 32 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=109,US)
104.236.98.172 32 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=172,US)
104.237.128.197 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
104.237.144.19 32 RW None 2021-03-06 00:00:00 2021-06-21 00:00:00 None SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt - Sourcefire (IP=19,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - Web Attacks (IP=19,US)
104.237.145.83 32 BMP None 2021-06-04 00:00:00 2021-09-04 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01262 (IP=83,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt - Web Attacks (IP=83,US) | updated by RR
104.237.149.61 32 DT None 2021-07-22 00:00:00 2021-10-20 00:00:00 None POLICY-OTHER Adobe ColdFusion component browser access attempt (1:25977:3) - Source Fire (IP=61,US)
104.237.157.11 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity
104.237.157.77 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
104.237.159.52 32 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=52,US)
104.237.252.38 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=38,US)
104.238.100.88 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
104.238.103.108 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
104.238.111.167 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
104.238.111.36 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
104.238.125.133 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
104.238.129.176 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=176,US)
104.238.179.208 32 GM None 2021-01-11 00:00:00 2021-04-11 00:00:00 None SERVER-OTHER Spring Data Commons remote code execution attempt - Sourcefire (IP=208,US)
104.238.220.186 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
104.238.68.130 32 wmp None 2020-07-21 00:00:00 2021-10-08 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=130,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=130,US)
104.238.71.109 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
104.238.92.18 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=18,US)
104.238.94.90 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HIVE Case #3974 COLS-NA-TIP-20-0301 (IP=90,US)
104.238.99.51 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
104.239.174.130 32 BMP None 2021-04-10 00:00:00 2021-07-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=130,US)
104.24.100.26 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity
104.24.102.69 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
104.24.106.171 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
104.24.106.207 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
104.24.110.130 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
104.24.110.235 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
104.24.113.43 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity
104.24.118.199 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
104.24.119.207 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
104.24.120.116 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
104.24.121.146 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity
104.24.121.194 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity
104.24.122.41 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity
104.24.123.151 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity
104.24.123.25 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
104.24.123.59 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
104.24.124.184 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
104.24.124.250 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
104.24.126.202 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
104.24.126.232 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
104.24.127.162 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
104.24.96.216 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
104.24.96.225 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity
104.24.97.7 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity
104.243.15.10 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=10,US)
104.243.240.0 24 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None MO TO-S-2020-0805 Malicious Web Application Activity
104.243.243.70 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity
104.243.250.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None MA Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
104.243.35.121 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
104.243.42.135 32 EE None 2021-01-31 00:00:00 2021-04-30 00:00:00 None SQL injection - 6 HR Web Attack (IP=135,US)
104.243.47.82 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
104.244.168.11 32 RW None 2020-11-21 00:00:00 2021-02-21 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=11,US)
104.244.224.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,JM)
104.244.65.251 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CA TO-S-2020-0303 Malicious Email Activity
104.244.73.13 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00585 (IP=13,US)
104.244.73.218 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity
104.244.73.43 32 RR None 2020-07-19 00:00:00 2021-06-10 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=43,US) | updated by RW Block was inactive. Reactivated on 20210310 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=43,LU) HTTP: Mic
104.244.73.43 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attack (IP=43,US) | updated by RW Block was inactive. Reactivated on 20210310 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=43,LU) HTTP: Mic
104.244.74.121 32 RB None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - 6hr web attacks (IP=121,US)
104.244.74.173 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00664 (IP=173,US)
104.244.77.100 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=100,LU)
104.244.77.95 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=95,LU)
104.244.78.231 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=231,LU)
104.244.79.110 24 KH None 2021-07-02 00:00:00 2021-09-30 00:00:00 None SQL injection - Web attacks (IP=110,LU)
104.244.79.181 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
104.244.79.250 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
104.247.208.121 32 KD None 2021-06-25 00:00:00 2021-09-23 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=121,US)
104.247.72.208 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
104.247.72.243 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
104.247.73.198 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
104.247.73.246 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
104.247.73.51 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=51,US)
104.247.74.39 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=39,US)
104.247.77.95 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
104.247.78.29 32 NAB None 2020-10-30 00:00:00 2021-11-19 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=29,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
104.247.79.154 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
104.247.79.193 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
104.247.81.10 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None CA TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
104.247.81.131 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
104.247.81.50 32 wmp None 2020-08-20 00:00:00 2021-10-21 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=50,CA) | updated by dbc Block expiration extended with reason CA TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
104.247.81.52 32 wmp None 2020-09-25 00:00:00 2021-11-03 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=52,CA) | updated by dbc Block expiration extended with reason CA Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
104.247.81.70 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
104.247.81.71 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CA Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
104.247.81.72 32 wmp None 2020-09-03 00:00:00 2021-11-03 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=72,CA) | updated by dbc Block expiration extended with reason CA Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
104.247.81.73 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
104.247.81.74 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None CA TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
104.247.82.10 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None CA TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
104.247.82.71 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CA TO-S-2021-1007 Malicious Email Activity
104.248.10.161 32 DT None 2021-06-18 00:00:00 2021-09-17 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (1:56138:3) - Source Fire (IP=161,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP Oracle Business Intelligence and XML Publisher XML external entity injection at
104.248.112.22 32 GM None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=22,US)
104.248.113.85 32 ZH None 2021-09-03 00:00:00 2021-12-02 00:00:00 None PHP Exploitation Attempts Hive Case 6112 (IP=85,US)
104.248.114.159 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt (1:24343:4) - Sourcefire Rpt (IP=159,US)
104.248.114.30 32 RB None 2021-04-07 00:00:00 2021-07-06 00:00:00 None SQL generic sql exec injection attempt - GET parameter - Sourcefire (IP=30,US)
104.248.116.34 32 SW None 2021-08-10 00:00:00 2021-11-08 00:00:00 None SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt (1:49796:1) - SourceFire (IP=34, US)
104.248.120.41 32 GM None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=41,US)
104.248.121.146 32 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None SQL injection - 6 HR WebAttack (IP=146,US)
104.248.123.65 32 KD None 2021-08-10 00:00:00 2021-11-08 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - SourceFire (IP=65,US)
104.248.124.163 32 RB None 2019-01-19 00:00:00 2021-06-24 00:00:00 None Illegal user (IP=163 US) | updated by BMP Block was inactive. Reactivated on 20210326 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=163,US)
104.248.124.75 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL Injection - 6hr Web Attacks (IP=75,US)
104.248.126.163 32 RR None 2021-08-30 00:00:00 2021-11-28 00:00:00 None SQL injection - Web Attacks (IP=163,US)
104.248.127.9 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=9,US)
104.248.128.202 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=202,DE)
104.248.129.235 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Web Application Activity
104.248.129.86 24 RW None 2021-07-08 00:00:00 2021-10-06 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=86,DE)
104.248.13.165 32 KD None 2021-06-08 00:00:00 2021-09-07 00:00:00 None SQL injection- Web Attacks (IP=165,US)
104.248.130.108 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=108,DE)
104.248.130.42 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=42,DE)
104.248.131.162 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=162,DE)
104.248.133.87 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=87,DE)
104.248.134.203 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - Web Attacks (IP=203,DE)
104.248.134.99 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - Web Attacks (IP=99,DE)
104.248.135.219 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=219,DE)
104.248.136.187 24 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=187,DE)
104.248.136.203 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=203,DE)
104.248.136.33 32 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) -SourceFire (IP=33,US)
104.248.137.231 24 RW None 2021-07-23 00:00:00 2021-10-21 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=231,DE)
104.248.137.61 24 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=61,DE)
104.248.138.189 24 EE None 2021-03-12 00:00:00 2021-08-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=189,DE) | updated by RB Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=189,DE)
104.248.138.189 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=189,DE)
104.248.141.184 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=184,DE)
104.248.143.19 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - Web Attacks (IP=19,DE)
104.248.143.95 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=95,DE)
104.248.150.122 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SG TO-S-2020-0298 Malicious Email Activity
104.248.153.158 24 BMP None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=158,SG)
104.248.155.139 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan Activity (IP=139,SG)
104.248.157.177 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=177,SG)
104.248.16.63 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=63,DE)
104.248.160.154 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity
104.248.172.157 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malware Activity
104.248.175.154 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks(IP=154,GB)
104.248.175.47 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity
104.248.176.91 32 NAB None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #NA FP Security (IP=91,US)
104.248.18.238 24 RR None 2021-05-14 00:00:00 2021-08-12 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Web Attacks (IP=238,DE)
104.248.19.88 24 BMP None 2021-05-12 00:00:00 2021-08-10 00:00:00 None SQL injection - 6hr Web Attacks (IP=88,DE)
104.248.193.132 32 EE None 2021-02-19 00:00:00 2021-05-19 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT: 21C00522 (IP=132,US)
104.248.193.7 24 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 hr failed logons (IP=7,NL)
104.248.197.21 24 BMP None 2021-04-11 00:00:00 2021-07-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=21,NL)
104.248.198.248 32 wmp None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=248,NL)
104.248.199.50 24 DT None 2021-04-16 00:00:00 2021-09-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=50,NL) | updated by RB Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=50,NL) | updated by RR Block expir
104.248.199.9 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None srm Firepwer Suspicious Scan Activity (IP=9,NL)
104.248.2.243 32 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=243,US)
104.248.203.136 32 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) -SourceFire (IP=136,US)
104.248.224.169 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6HR Web Attack (IP=169,US)
104.248.224.229 32 RR None 2021-04-26 00:00:00 2021-07-26 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT# 21C01082 (IP=203,US)
104.248.224.241 32 FT None 2021-04-25 00:00:00 2021-07-25 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01075 (IP=241,US)
104.248.227.173 32 RW None 2021-07-23 00:00:00 2021-10-21 00:00:00 None SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt (1:41697:2) - Sourcefire (IP=173,US)
104.248.228.144 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None POLICY-OTHER Adobe ColdFusion component browser access attempt - 6HR Web Attack (IP=144,US)
104.248.228.31 32 BMP None 2021-03-16 00:00:00 2021-06-14 00:00:00 None Webshell.Binary.php.FEC2 - Hive Case 5063 (IP=31,US)
104.248.228.88 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - 6HR Web Attack (IP=88,US)
104.248.230.43 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None AR RCC-CONUS HTTP_GET_Psble_F5TMUI_RCE_RC130840 - TT# 21C01338 (IP=43,US)
104.248.232.122 32 KD None 2021-08-10 00:00:00 2021-11-08 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - SourceFire (IP=122,US)
104.248.232.172 32 FT None 2021-04-25 00:00:00 2021-07-25 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01079 (IP=172,US)
104.248.232.215 32 BB None 2021-09-10 00:00:00 2021-12-09 00:00:00 None SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (1:54214:1) - SourceFire (IP=215,US)
104.248.232.227 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SQL injection - 6hr Web Attacks (IP=227,US)
104.248.236.182 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None SERVER-WEBAPP Avtech IP Camera machine.cgi information disclosure attempt - 6HR Web Attack (IP=182,US)
104.248.238.33 32 CR None 2021-05-05 00:00:00 2021-08-05 00:00:00 None SQL injection - 6 hr Web Attacks (IP=33,US)
104.248.239.112 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - 6HR Web Attack (IP=112,US)
104.248.239.19 32 FT None 2021-04-25 00:00:00 2021-07-25 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01076 (IP=19,US)
104.248.239.203 32 FT None 2021-04-25 00:00:00 2021-07-25 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01080 (IP=203,US)
104.248.239.229 32 FT None 2021-04-25 00:00:00 2021-07-25 00:00:00 None HTTP: Apache Struts Conversion Error Interceptor OGNL Script Injection - TT# 21C01074 (IP=229,US)
104.248.239.3 32 RR None 2021-04-26 00:00:00 2021-07-25 00:00:00 None SQL injection - Web Attacks (IP=3,US)
104.248.239.39 32 FT None 2021-04-25 00:00:00 2021-07-25 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01078 (IP=39,US)
104.248.24.182 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=182,DE)
104.248.24.24 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None DE TO-S-2020-0601 Malicious Reconnaissance Activity
104.248.240.225 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=225,DE)
104.248.241.209 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - Web Attacks (IP=209,DE)
104.248.242.37 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - Web Attacks (IP=37,DE)
104.248.242.76 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - Web Attacks (IP=76,DE)
104.248.243.157 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=157,DE)
104.248.243.161 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None srm Firepwer Suspicious Scan Activity (IP=161,DE)
104.248.243.41 24 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=41,DE)
104.248.244.123 24 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=123,DE)
104.248.246.153 32 wmp None 2021-05-05 00:00:00 2021-08-05 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=153,DE)
104.248.247.61 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - Web Attacks (IP=61,DE)
104.248.248.233 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=233,DE)
104.248.248.233 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=233,DE) SQL injection - 6hr Web Attacks (IP=233,DE)
104.248.248.69 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=69,DE)
104.248.249.139 24 DT None 2021-03-13 00:00:00 2021-08-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=139,DE) | updated by WR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt- 6 hr web attacks (IP=139,DE)
104.248.25.26 32 BB None 2021-09-18 00:00:00 2021-12-17 00:00:00 None HTTP: PHP File Inclusion Vulnerability - IR# 21C01892 (IP=26, US)
104.248.25.73 32 wmp None 2021-05-06 00:00:00 2021-08-06 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=73,DE)
104.248.25.86 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=86,DE)
104.248.250.160 24 BMP None 2021-05-12 00:00:00 2021-08-10 00:00:00 None SQL injection - 6hr Web Attacks (IP=160,DE)
104.248.251.141 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=141,DE)
104.248.252.83 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=83,DE)
104.248.253.203 32 wmp None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Palo Alto Suspicious Scan Activity (IP=203,DE)
104.248.253.254 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - Web Attacks (IP=254,DE)
104.248.253.92 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=92,DE)
104.248.254.4 24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None SQL injection - Web attacks (IP=4,DE)
104.248.254.49 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=49,US)
104.248.26.138 24 RB None 2021-04-06 00:00:00 2021-07-06 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=138,DE) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=138,DE)
104.248.26.63 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None HTTP: Firefuzzer SQL Injection Scanning II - 6hr Web Attacks (IP=63,DE)
104.248.28.180 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=180,DE)
104.248.28.180 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=180,DE) SQL injection - 6hr Web Attacks (IP=180,DE)
104.248.28.244 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=244,DE)
104.248.28.255 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - Web Attacks (IP=255,DE)
104.248.29.200 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=200,DE)
104.248.29.213 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - Web Attacks (IP=213,DE)
104.248.3.49 32 ZH None 2021-09-08 00:00:00 2021-12-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=49,US)
104.248.31.138 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None srm Firepwer Suspicious Scan Activity (IP=138,DE)
104.248.33.196 24 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=196,DE)
104.248.34.80 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=80,DE)
104.248.35.191 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=191,DE)
104.248.36.211 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=211,DE)
104.248.37.84 24 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=84,DE)
104.248.38.140 24 EE None 2021-04-13 00:00:00 2021-07-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) Sourcefire (IP=140,DE)
104.248.38.171 24 ZH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C01917 (IP=171,DE)
104.248.39.16 24 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None HTTP: Adobe ColdFusion Directory Traversal Information Disclosure Vulnerability - Web Attacks (IP=16,DE)
104.248.42.205 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=205,DE)
104.248.43.158 24 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=158,DE)
104.248.43.169 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=169,DE)
104.248.44.105 32 wmp None 2021-05-11 00:00:00 2021-08-11 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=105,DE)
104.248.44.202 24 RR None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Web Attacks (IP=202,DE)
104.248.44.202 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=202,DE)
104.248.45.172 24 RW None 2021-08-17 00:00:00 2021-11-15 00:00:00 None SERVER-WEBAPP WordPress
104.248.46.246 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=246,DE)
104.248.47.119 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=119,DE)
104.248.47.119 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=119,DE) SQL injection - 6hr Web Attacks (IP=119,DE)
104.248.47.163 24 RB None 2021-05-10 00:00:00 2021-08-08 00:00:00 None SQL injection - 6hr web attacks (IP=163,DE)
104.248.5.69 32 KD None 2021-06-08 00:00:00 2021-09-07 00:00:00 None SQL injection- Web Attacks (IP=69,US)
104.248.51.163 32 UA None 2021-08-15 00:00:00 2021-11-13 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=163,US)
104.248.51.246 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
104.248.51.82 32 BB None 2021-09-10 00:00:00 2021-12-09 00:00:00 None - Web Attacks (IP=82,US)
104.248.51.84 32 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=84,US)
104.248.52.47 32 RB None 2021-04-13 00:00:00 2021-08-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=47,US) | updated by BMP Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=47,US)
104.248.55.153 32 UA None 2021-08-15 00:00:00 2021-11-13 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=153,US)
104.248.55.30 32 BB None 2021-09-10 00:00:00 2021-12-09 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=30,US)
104.248.57.101 32 BB None 2021-09-10 00:00:00 2021-12-09 00:00:00 None SQL injection - Web Attacks (IP=101,US)
104.248.57.145 32 BB None 2021-09-10 00:00:00 2021-12-09 00:00:00 None SQL injection - Web Attacks (IP=145,US)
104.248.58.156 32 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=156,US)
104.248.58.96 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
104.248.59.151 32 BB None 2021-09-10 00:00:00 2021-12-09 00:00:00 None SQL injection - Web Attacks (IP=151,US)
104.248.6.244 32 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Sourcefire (IP=244,US)
104.248.60.43 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity
104.248.61.236 32 CR None 2021-01-06 00:00:00 2021-04-06 00:00:00 None Masscan TCP Port Scanner - IPS Events (IP=236,US)
104.248.63.248 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=248, US)
104.248.64.30 32 BMP None 2021-01-26 00:00:00 2021-04-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=30,US)
104.248.65.106 32 BMP None 2021-01-26 00:00:00 2021-04-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=106,US)
104.248.66.174 32 BMP None 2021-01-26 00:00:00 2021-04-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=174,US)
104.248.66.199 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Suspicious Scan Activity (IP=199,US)
104.248.66.223 32 BMP None 2021-01-26 00:00:00 2021-04-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=223,US)
104.248.70.149 32 wmp None 2021-01-25 00:00:00 2021-04-25 00:00:00 None Suspicious Scan Activity (IP=149,US)
104.248.70.167 32 wmp None 2021-01-25 00:00:00 2021-04-25 00:00:00 None Suspicious Scan Activity (IP=167,US)
104.248.70.191 32 GM None 2020-12-20 00:00:00 2021-03-20 00:00:00 None Masscan TCP Port Scanner - FireEye CMS (IP=191,US)
104.248.70.201 32 wmp None 2021-01-25 00:00:00 2021-04-25 00:00:00 None Suspicious Scan Activity (IP=201,US)
104.248.75.8 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
104.248.76.105 32 wmp None 2021-01-25 00:00:00 2021-04-25 00:00:00 None Suspicious Scan Activity (IP=105,US)
104.248.77.215 32 EE None 2021-04-06 00:00:00 2021-12-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=215,US) | updated by BMP Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=215,US) | updated by AR Block expiration | updated by RW Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 21C01780 (IP=215,US)
104.248.78.27 32 BMP None 2021-01-21 00:00:00 2021-04-21 00:00:00 None muieblackcat PHP Vulnerability Scanner - FireEye CMS (IP=27,US)
104.248.78.65 32 wmp None 2021-01-25 00:00:00 2021-04-25 00:00:00 None Suspicious Scan Activity (IP=201,US)
104.248.84.70 24 RB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=70,NL)
104.248.87.85 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=85,NL)
104.248.89.171 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=171,NL)
104.248.89.232 32 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01698 (IP=232,US)
104.250.164.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None LI Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
104.250.174.61 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=61, US)
104.250.178.38 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
104.252.3.96 32 BB None 2021-09-27 00:00:00 2021-12-26 00:00:00 None INDICATOR-OBFUSCATION javascript with hex variable names - TT# 21C01966 (IP=96,US)
104.254.233.40 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity
104.254.233.62 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malware Activity
104.254.244.178 32 BMP None 2021-07-20 00:00:00 2021-10-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=178,US)
104.255.169.179 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=179,US)
104.26.15.138 32 ZH None 2021-06-09 00:00:00 2021-09-07 00:00:00 None Attempted Access - INDICATOR-OBFUSCATION javascript with hex variable names - TT# 21C01278 (IP=201,US)
104.26.4.98 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=98, US)
104.26.7.32 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity
104.27.128.176 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
104.27.131.207 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity
104.27.131.73 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
104.27.132.219 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
104.27.132.9 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
104.27.134.47 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
104.27.138.145 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
104.27.138.44 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity
104.27.139.243 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity
104.27.139.58 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
104.27.144.189 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
104.27.145.104 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
104.27.145.177 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
104.27.146.114 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (IP=114, US)
104.27.146.252 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
104.27.147.192 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
104.27.147.246 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email
Activity 104.27.149.144 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.27.149.177 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 104.27.149.234 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malicious Email Activity 104.27.150.96 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 104.27.152.14 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malicious Email Activity 104.27.152.22 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity 104.27.153.22 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 104.27.154.111 32 GL None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4236 COLSNATIP200339 (IP=111,US) 104.27.155.133 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 104.27.156.82 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None US TO-S-2020-0236 Malicious Email Activity 104.27.158.100 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.27.159.100 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.27.159.155 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malware Activity 104.27.159.187 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity 104.27.159.56 32 NAB None 2021-01-07 00:00:00 2021-04-07 00:00:00 None HIVE Case #NA FP Security (IP=56,US) 104.27.160.96 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 104.27.163.201 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 104.27.166.1 32 dbc None 2020-11-03 
00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 104.27.176.115 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 104.27.176.124 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 104.27.183.233 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 104.27.187.16 32 wmp None 2020-07-17 00:00:00 2021-08-24 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=16,US) | updated by wmp Block expiration extended with reason HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=16,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0750 Malicious Emai 104.27.187.233 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 104.27.188.115 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 104.27.188.156 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity 104.27.191.180 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.27.191.184 32 BMP None 2020-12-15 00:00:00 2021-03-15 00:00:00 None Malicious.SSL.Generic - Hive Case 4565 (IP=184,US) 104.27.191.95 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity 104.28.0.82 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 104.28.12.2 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 104.28.13.112 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 104.28.14.44 32 dbc None 2020-06-08 00:00:00 2021-06-08 
00:00:00 None US TO-S-2020-0592 Malware Activity 104.28.16.138 32 NAB None 2021-01-11 00:00:00 2021-04-11 00:00:00 None HIVE Case #NA FP Security (IP=138,US) 104.28.18.103 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 104.28.18.208 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 104.28.19.122 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 104.28.19.146 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.28.19.60 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.28.2.168 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 104.28.2.19 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None US TO-S-2020-0236 Malicious Email Activity 104.28.2.78 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.28.20.103 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 104.28.21.210 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 104.28.24.106 32 NAB None 2021-01-07 00:00:00 2021-04-08 00:00:00 None HIVE Case #NA FP Security (IP=106,US) | updated by NAB Block expiration extended with reason HIVE Case #NA FP Security (IP=106,US) 104.28.26.84 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=84,US) 104.28.29.26 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malware Activity 104.28.3.68 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malware Activity 104.28.31.102 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity 104.28.4.47 32 dbc None 2020-03-04 00:00:00 
2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 104.28.7.169 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 104.28.8.112 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malicious Email Activity 104.28.8.21 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.28.8.39 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 104.28.9.39 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.31.64.142 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 104.31.64.186 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 104.31.64.198 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 104.31.68.135 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malicious Email Activity 104.31.68.202 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 104.31.68.33 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 104.31.68.99 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.31.69.209 32 NAB None 2021-01-07 00:00:00 2021-04-07 00:00:00 None HIVE Case #NA FP Security (IP=209,US) 104.31.71.12 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 104.31.71.220 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.31.72.209 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 104.31.73.193 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US 
TO-S-2020-0698 Malicious Email Activity 104.31.74.146 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.31.76.226 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 104.31.78.15 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 104.31.79.3 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 104.31.83.131 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 104.31.84.42 32 wmp None 2020-06-19 00:00:00 2021-08-24 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=32,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0750 Malicious Email Activity 104.31.85.243 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity 104.31.85.27 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 104.31.86.25 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 104.31.87.190 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 104.31.90.229 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 104.31.95.115 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 104.31.95.156 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 104.36.197.12 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 104.37.31.86 32 BMP None 2021-02-04 00:00:00 2021-05-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP 
remote code execution attempt - 6hr Web Attacks (IP=86,US) 104.37.86.15 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 104.37.86.29 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 104.41.5.130 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=130,BR) 104.43.143.175 32 ABC None 2021-07-12 00:00:00 2021-10-10 00:00:00 None Command Injection (IP=175,US) 104.43.198.179 32 ZH None 2021-07-15 00:00:00 2021-10-13 00:00:00 None SQL Injection - 6hr Web Attacks (IP=179,US) 104.43.207.132 32 ZH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None Web server exploit attempts - HIVE Case 5899 (IP=132,US) 104.43.226.56 32 BMP None 2021-09-03 00:00:00 2021-12-02 00:00:00 None Command Injection (IP=56,US) 104.45.132.19 32 SW None 2021-07-24 00:00:00 2021-10-22 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01478 (IP=19,US) 104.47.64.254 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=254,US) 104.58.184.180 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=180,US) 104.63.13.70 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=70,US) 104.69.71.48 32 RT None 2021-06-08 00:00:00 2021-09-06 00:00:00 None INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data (1:38619:5) - SourceFire Report (IP=48,US) 104.8.200.236 32 GM None 2021-02-15 00:00:00 2021-05-15 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=236,US) 104.9.96.183 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=183,US) 104.93.88.241 32 wmp None 2021-01-25 00:00:00 2021-04-25 00:00:00 None Suspicious Scan Activity (IP=241,US) 104.95.77.149 32 UA None 2021-07-21 00:00:00 2021-10-19 00:00:00 None 
INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data (1:38619:5) - Sourcefire (IP=149,US) 105.101.40.178 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None DZ TO-S-2020-0315 Malicious Web Application Activity 105.103.221.238 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DZ TO-S-2020-0331 Malicious Web Application Activity 105.110.199.50 24 RW None 2020-11-06 00:00:00 2021-02-06 00:00:00 None Malicious IP - Hive Case #4272 (IP=50,DZ) 105.154.215.165 24 RT None 2021-06-23 00:00:00 2021-09-21 00:00:00 None Adobe ColdFusion Administrator Access Restriction – 6hr Web Attacks (IP=165,MA) 105.154.218.82 24 RR None 2021-05-01 00:00:00 2021-07-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=82,MA) 105.156.76.94 32 RB None 2021-01-20 00:00:00 2021-04-21 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C00416 (IP=94,MA) 105.157.75.151 24 RB None 2021-05-16 00:00:00 2021-08-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=151,MA) 105.159.119.151 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP generic SQL select statement possible sql injection -SourceFire (IP=151,MA) 105.179.0.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 105.184.148.245 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr failed logons (IP=245,CN) 105.184.221.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 105.184.35.71 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None ZA TO-S-2020-0535 Malware Activity 105.209.235.113 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ZA TO-S-2021-0876 Hive Case 4166 Malware Activity 105.212.95.97 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ZA TO-S-2020-0331 Malicious Web 
Application Activity 105.213.67.88 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ZA TO-S-2021-0876 Hive Case 4166 Malware Activity 105.216.17.129 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 105.216.26.76 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 105.216.27.161 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ZA TO-S-2020-0298 Malicious Email Activity 105.216.38.53 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 105.216.57.142 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 105.234.156.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 105.234.156.5 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 105.235.192.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NG TO-S-2020-0331 Malicious Web Application Activity 105.242.150.10 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=10,ZA) 105.242.209.2 32 RB None 2020-10-19 00:00:00 2021-01-17 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00150 (IP=2,ZA) 105.255.158.250 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=250,ZA) 105.67.135.154 32 RB None 2021-02-22 00:00:00 2021-05-23 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr web attacks (IP=154,MA) 105.67.135.154 24 GM None 2021-02-21 00:00:00 2021-05-22 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - 6hr Web Attacks (IP=154,MA) 105.96.19.60 24 RB None 2021-05-07 00:00:00 2021-08-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Sourcefire (IP=60,DZ) 106.0.61.0 24 dbc 
None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,BD) 106.1.111.91 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=91,TW) 106.1.111.91 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=91,TW) 106.1.111.91 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=91,TW) 106.117.235.202 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SSH2 Failed Login Attempt - Failed Logons (IP=202,CN) 106.118.20.62 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=62,CN) 106.12.104.199 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=199,CN) 106.12.104.199 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=199,CN) 106.12.109.44 24 BMP None 2021-05-10 00:00:00 2021-08-08 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=44,CN) 106.12.122.87 24 DT None 2020-11-27 00:00:00 2021-02-25 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - 6hr Web Attacks (IP=87,CN) 106.12.172.48 32 wmp None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=48,CN) 106.12.180.221 24 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=221,CN) 106.12.208.15 24 WR None 2021-05-19 00:00:00 2021-08-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=15,CN) 106.12.212.191 24 RW None 2021-09-16 00:00:00 2021-12-15 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=191,CN) 106.12.216.155 24 RB None 2021-05-17 00:00:00 2021-08-21 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=155,CN) | updated by RB Block expiration 
extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=155,CN) SERVER-W 106.12.216.155 24 RB None 2021-05-22 00:00:00 2021-08-21 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=155,CN) | updated by RB Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=155,CN) SERVER-W 106.12.216.155 24 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=155,CN) | updated by RB Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=155,CN) SERVER-W 106.12.216.155 32 BMP None 2020-10-19 00:00:00 2021-01-17 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00154 (IP=155,CN) 106.12.216.155 24 RB None 2021-05-17 00:00:00 2021-08-21 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=155,CN) | updated by RB Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=155,CN) SERVER-W 106.12.254.44 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=44,CN) 106.12.46.73 32 RT None 2021-10-02 00:00:00 2021-12-31 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 22C00029 106.12.81.222 24 ZH None 2021-08-28 00:00:00 2021-11-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=222,CN) 106.12.84.118 24 AR None 2021-08-13 00:00:00 2021-11-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=118,CN) 106.13.136.211 24 SW None 2021-08-20 00:00:00 2021-11-18 00:00:00 None HTTP: ThinkPHP 
CMS Getshell Vulnerability - WebAttacks (IP=211,CN) 106.13.208.37 32 BMP None 2020-12-22 00:00:00 2021-03-22 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6 Hr Web Attacks (IP=37,CN) 106.13.237.158 24 FT None 2020-11-09 00:00:00 2021-02-10 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=158,CN) | updated by GM Block expiration extended with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=158,CN) 106.13.45.20 32 DT None 2020-10-13 00:00:00 2021-01-11 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00114 (IP=203,CN) 106.13.75.132 32 wmp None 2021-03-01 00:00:00 2021-06-01 00:00:00 None Firepower Suspicious Scan Activity (IP=132,CN) 106.13.76.76 24 WR None 2021-08-18 00:00:00 2021-11-16 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=76,CN) 106.13.77.197 24 BMP None 2021-09-03 00:00:00 2021-12-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,CN) 106.13.80.219 24 CR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=219,CN) 106.13.97.31 24 FT None 2020-11-06 00:00:00 2021-02-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=31,CN) 106.14.113.162 24 BMP None 2021-05-10 00:00:00 2021-08-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=162,CN) 106.14.113.162 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=162,CN) 106.14.12.44 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=44,CN) 106.14.26.12 24 GM None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=12,CN) 106.14.28.213 32 
srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=213,CN) 106.14.31.43 24 UA None 2021-05-27 00:00:00 2021-08-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=43,CN) 106.15.227.115 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=115,CN) 106.15.65.146 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=146,CN) 106.187.35.251 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None SG TO-S-2020-0228 Malicious Web Application Activity 106.193.44.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 106.195.36.0 22 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,IN) 106.195.64.0 22 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=0,IN) 106.198.100.0 22 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None IN TO-S-2020-0838 Malware Activity 106.2.7.25 24 RR None 2021-03-11 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=25,CN) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=25,CN) 106.200.153.143 24 JKC None 2020-04-13 00:00:00 2021-04-13 00:00:00 None CTR-20-0629 MALWARE CAMPAIGN HIVE CASE #2512 (IP=143, IN) 106.200.153.143 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None IN TO-S-2020-0601 Malware Activity 106.200.193.171 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity 106.201.0.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity 106.201.238.169 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 
Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 106.201.87.77 24 BMP None 2021-02-23 00:00:00 2021-05-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=77,IN) 106.203.128.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malware Activity 106.203.133.64 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Reconnaissance Activity 106.205.43.8 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity 106.207.182.181 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Email Activity 106.208.84.0 22 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None IN TO-S-2021-0989 Hive Case # 4493 Unknown Malicious Activity 106.213.107.211 24 DT None 2021-09-11 00:00:00 2021-12-10 00:00:00 None SQL injection - Web Attacks (IP=211,IN) 106.217.96.0 19 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None IN TO-S-2021-1007 Malware Activity 106.223.120.0 22 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None IN TO-S-2021-1007 Malware Activity 106.223.128.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IN TO-S-2021-0876 Hive Case 4166 Malware Activity 106.223.4.0 22 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,IN) 106.223.56.0 22 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None IN TO-S-2020-0750 Malicious Email Activity 106.246.252.242 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malware Activity 106.249.28.45 24 RR None 2020-10-29 00:00:00 2021-01-27 00:00:00 None BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX function call access - SourceFire (IP=45,KR) 106.38.48.122 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks 
(IP=122,CN) 106.38.50.78 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=78,CN) 106.51.49.131 24 FT None 2021-04-25 00:00:00 2021-07-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=131,IN) 106.51.67.64 24 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=64,IN) 106.51.85.93 24 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=93,IN) 106.51.86.209 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=209,IN) 106.52.10.139 24 FT None 2021-03-03 00:00:00 2021-06-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=139,CN) 106.52.102.241 24 BMP None 2021-06-02 00:00:00 2021-08-31 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=241,CN) 106.52.106.97 24 RR None 2020-11-09 00:00:00 2021-02-07 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=97,CN) 106.52.142.150 24 WR None 2021-05-26 00:00:00 2021-08-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 hr web attacks (IP=150, CN) 106.52.153.48 24 FT None 2020-10-25 00:00:00 2021-01-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=48,CN) 106.52.163.30 24 GM None 2020-10-24 00:00:00 2021-01-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=30,CN) 106.52.167.107 24 FT None 2020-10-31 00:00:00 2021-01-31 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Atacks (IP=107,CN) 106.52.205.237 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire 
(IP=237,CN) 106.52.27.165 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=165,CN) 106.52.38.41 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=41,CN) 106.52.42.50 24 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=50,CN) 106.52.43.163 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=163,CN) 106.52.70.197 24 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=197,CN) 106.52.78.254 24 DT None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=254,CN) 106.53.152.27 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=27,CN) 106.53.153.195 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=195,CN) 106.53.220.55 24 EE SERVER-WEBAPP None 2021-01-26 00:00:00 2021-04-26 00:00:00 None ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 HR Web Attack (IP=55,CN) 106.53.226.148 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=148,CN) 106.53.238.69 24 FT None 2020-11-14 00:00:00 2021-02-22 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=69,CN) 106.53.239.229 24 FT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=229,CN) 106.53.48.246 24 BMP None 2020-12-06 00:00:00 2021-03-06 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=24,CN) 106.53.53.176 24 GM None 2020-10-05 00:00:00 
2021-01-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=176,CN) 106.54.124.166 24 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=166,CN) 106.54.160.165 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=165,CN) 106.54.187.30 24 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=30,CN) 106.54.188.101 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None srm Firepwer Suspicious Scan Activity (IP=101,CN) 106.54.49.107 32 GM None 2020-10-02 00:00:00 2021-01-02 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT # 21C00009 (IP=107,CN) 106.54.72.168 24 RR None 2020-12-18 00:00:00 2021-03-18 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=168,CN) 106.54.84.17 24 BMP None 2020-10-17 00:00:00 2021-01-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=17,CN) 106.55.14.27 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=27,CN) 106.55.145.120 24 EE None 2021-01-26 00:00:00 2021-04-26 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 HR Web Attack (IP=55,CN 106.55.147.167 24 KD None 2021-09-01 00:00:00 2021-12-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=167,CN) 106.55.156.196 24 RW None 2021-01-21 00:00:00 2021-04-21 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=196,CN) 106.55.30.82 24 BMP None 2021-08-07 00:00:00 2021-11-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=82,CN) 106.55.45.75 32 FT None 2021-01-02 00:00:00 2021-04-02 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command 
injection attempt - 6hr Web attacks (IP=75,CN) 106.55.7.134 24 BMP None 2021-02-23 00:00:00 2021-05-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=134,CN) 106.58.210.13 24 BMP None 2021-04-11 00:00:00 2021-07-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=13,CN) 106.72.37.65 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None JP TO-S-2020-0535 Malicious Email Activity 106.75.137.63 24 DT None 2020-12-29 00:00:00 2021-03-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=63,CN) 106.75.14.76 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=76,CN) 106.75.218.37 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=37,CN) 106.75.233.98 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=98,CN) 106.75.253.181 24 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) -SourceFire (IP=181,CN) 106.75.254.160 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=160,CN) 106.75.32.254 24 DT None 2020-08-19 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=254,CN) | updated by RB Block was inactive. Reactivated on 20210605 with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=254,CN) 106.75.62.241 24 RB None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=241,CN) 106.75.84.197 24 ABC None 2019-01-08 06:00:00 2021-04-30 00:00:00 None Generic ArcSight scan attempt (IP=197,China) | updated by EE Block was inactive. 
Reactivated on 20210131 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SoureFire (IP=197, CN) 106.75.94.187 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=187,CN) 106.75.98.16 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=16,CN) 106.75.99.14 24 BMP None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=14,CN) 106.87.157.161 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=161,CN) 106.87.157.161 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=161,CN) 107.127.0.6 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=6,US) 107.127.35.46 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=46,US) 107.127.35.85 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=85,US) 107.127.7.131 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=131,US) 107.131.142.23 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 107.131.212.118 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=118,US) 107.142.46.59 32 BMP None 2021-06-02 00:00:00 2021-08-31 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire (IP=59,US) 107.148.200.139 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3630 CTO-20-231 (IP=139,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=139,US) 107.148.200.38 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 107.150.10.157 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 
None HIVE Case #4064 TO-S-2020-0859 (IP=157,US) 107.150.11.103 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=103,US) 107.150.11.106 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 107.150.121.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 107.150.22.133 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 107.150.27.91 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malware Activity 107.150.4.55 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 107.151.182.54 32 BMP None 2021-03-31 00:00:00 2021-06-30 00:00:00 None HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 21C00911 (IP=54,US) 107.151.197.11 32 RW None 2020-11-19 00:00:00 2021-02-19 00:00:00 None Hello Peppa Scan - Fireeye IPS (IP=11,US) 107.152.109.167 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 107.152.25.197 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malicious Email Activity 107.152.33.207 32 TLM None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=207,US) 107.152.41.160 32 CR None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Webmin CVE-2019-15107 Vulnerability Check_IPS EVent (IP=160,US) 107.152.41.160 32 CR None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Webmin CVE-2019-15107 Vulnerability Check_IPS EVent (IP=160,US) 107.152.46.87 32 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None SQL injection - Web Attacks (IP=87,US) 107.152.47.130 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=130,US) 107.154.159.157 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None US TO-S-2020-0236 Malicious Email Activity 107.158.194.18 32 
RW None 2021-02-09 00:00:00 2021-05-09 00:00:00 None OPT Denial of Servie - McAfee IPS (IP=18,US) 107.158.194.18 32 wmp None 2021-02-09 00:00:00 2021-05-09 00:00:00 None Firepower Suspicious Scan Activity (IP=18,US) 107.161.191.122 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 107.161.30.122 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 107.164.17.192 32 KD None 2021-07-23 00:00:00 2021-10-23 00:00:00 None INDICATOR-OBFUSCATION javascript with hex variable names - TT# 21C01475(IP=192,US) 107.167.82.131 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 107.170.192.34 32 ABC None 2018-03-29 05:00:00 2021-02-14 00:00:00 None Generic ArcSight scan attempt (IP=34,US) | updated by dbc Block was inactive. Reactivated on 20200214 with reason US TO-S-2020-0298 Malicious Email Activity 107.170.199.11 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 107.170.203.160 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 107.170.204.82 32 RB None 2019-11-02 00:00:00 2021-02-14 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 20C00792 (IP=82,US) | updated by dbc Block was inactive. Reactivated on 20200214 with reason US TO-S-2020-0298 Malicious Email Activity 107.170.23.212 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 107.170.233.150 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 107.170.238.214 32 CR None 2019-07-24 00:00:00 2021-02-20 00:00:00 None Unauthorized Access-Probe - TT# 19C02643 (IP=214,US) | updated by dbc Block was inactive. 
Reactivated on 20200220 with reason US TO-S-2020-0303 Malicious Email Activity 107.172.193.199 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=199,US) 107.172.201.10 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 107.172.221.106 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 107.172.83.113 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=113,US) 107.172.93.38 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 107.172.93.41 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 107.173.122.201 32 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=201,US) 107.173.148.188 32 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=188,US) 107.173.148.66 32 CR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None SQL injection - 6hr Web Attacks (IP=66,US) 107.173.157.251 32 RW None 2021-05-08 00:00:00 2021-08-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=251,US) 107.173.34.21 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=21,US) 107.173.34.213 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 107.173.42.142 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malware Activity 107.174.244.119 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 107.174.247.10 32 CR None 2021-05-04 00:00:00 2021-08-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information 
disclosure attempt_Sourcefire (IP=10,US) 107.174.250.11 32 GL None 2020-08-04 00:00:00 2021-09-17 00:00:00 None HIVE Case #3466 CTO-20-211 JFHQ-DODIN (IP=11,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Web Application Activity 107.175.0.102 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=102,US) 107.175.154.11 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=11,US) 107.175.178.5 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 107.175.189.224 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 107.175.33.177 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Email Activity 107.175.44.64 32 BMP None 2021-05-05 00:00:00 2021-08-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=64,US) 107.175.49.52 32 RW None 2021-05-08 00:00:00 2021-08-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=52,US) 107.175.64.209 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malicious Email Activity 107.175.69.107 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=107,US) 107.175.69.107 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=107,US) 107.175.8.76 32 FT None 2020-11-23 00:00:00 2021-02-23 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 21C00257 (IP=76,US) 107.175.95.122 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 107.180.0.10 32 wmp None 2020-09-24 00:00:00 2021-10-29 00:00:00 None HIVE Case #3974 COLS-NA-TIP-20-0301 (IP=10,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 
TO-S-2021-0898 Malicious Email Activity 107.180.0.182 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 107.180.0.191 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 107.180.0.210 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 107.180.1.15 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 107.180.1.207 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 107.180.1.214 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 107.180.102.118 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 107.180.106.136 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=136,US) 107.180.109.14 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity 107.180.109.31 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 107.180.109.53 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 107.180.11.215 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity 107.180.111.52 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 107.180.111.64 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 107.180.12.114 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=114,US) 107.180.12.180 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 107.180.12.36 32 dbc None 2020-11-03 
00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 107.180.120.3 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 107.180.120.7 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 107.180.121.16 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 107.180.122.23 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity 107.180.122.26 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity 107.180.126.249 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 107.180.127.126 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 107.180.13.125 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 107.180.14.67 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 107.180.2.144 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 107.180.2.182 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity 107.180.2.211 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 107.180.2.51 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=51,US) 107.180.21.16 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 107.180.21.20 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 107.180.21.23 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 
107.180.235.105 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=105,US) 107.180.25.127 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 107.180.25.128 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 107.180.25.211 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 107.180.25.212 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 107.180.26.179 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 107.180.26.90 32 NAB None 2021-01-07 00:00:00 2021-04-07 00:00:00 None HIVE Case #NA FP Security (IP=90,US) 107.180.27.156 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 107.180.27.234 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 107.180.28.113 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 107.180.28.146 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 107.180.28.184 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 107.180.28.42 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=42,US) 107.180.3.157 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity 107.180.3.185 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=185,US) 107.180.3.185 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=185,US) 107.180.3.49 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email 
Activity 107.180.32.152 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 107.180.34.198 32 NAB None 2021-01-07 00:00:00 2021-04-08 00:00:00 None HIVE Case #NA FP Security (IP=198,US) | updated by NAB Block expiration extended with reason HIVE Case #NA FP Security (IP=198,US) 107.180.36.102 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 107.180.4.100 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=100,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=100,US) 107.180.4.119 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 107.180.4.19 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 107.180.4.221 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=221,US) 107.180.40.120 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=120,US) 107.180.40.68 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 107.180.41.152 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 107.180.41.168 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 107.180.41.38 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity 107.180.41.50 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 107.180.41.88 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity 107.180.41.89 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=89,US) 107.180.41.90 32 
dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 107.180.43.132 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 107.180.46.151 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=151,US) 107.180.46.151 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=151,US) 107.180.46.246 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 107.180.47.3 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=3,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=3,US) 107.180.47.4 32 wmp None 2020-09-25 00:00:00 2021-10-29 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=4,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 107.180.48.109 32 wmp None 2020-08-24 00:00:00 2021-10-08 00:00:00 None HIVE Case #3604 COLS-NA-TIP-20-0262 (IP=109,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=109,US) 107.180.48.28 32 dbc None 2020-07-29 00:00:00 2021-11-22 00:00:00 None US TO-S-2020-0698 Malicious Email Activity | updated by GL Block was inactive. Reactivated on 20210824 with reason HIVE Case #6053 Possible Phishing Email (IP=28,US) HIVE Case #6053 Possible Phishing Email (IP=28,US) 107.180.48.28 32 GL None 2021-08-24 00:00:00 2021-11-22 00:00:00 None US TO-S-2020-0698 Malicious Email Activity | updated by GL Block was inactive. 
Reactivated on 20210824 with reason HIVE Case #6053 Possible Phishing Email (IP=28,US) HIVE Case #6053 Possible Phishing Email (IP=28,US) 107.180.48.68 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=68,US) 107.180.50.182 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 107.180.50.211 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malicious Email Activity 107.180.50.220 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 107.180.51.1 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=1,US) 107.180.51.18 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 107.180.51.230 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=230,US) 107.180.51.241 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 107.180.51.28 32 wmp None 2020-09-16 00:00:00 2021-10-29 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=28,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 107.180.51.33 32 NAB None 2021-01-29 00:00:00 2021-04-29 00:00:00 None HIVE Case #NA FP Security (IP=33,US) 107.180.51.43 32 NAB None 2021-01-11 00:00:00 2021-04-11 00:00:00 None HIVE Case #NA FP Security (IP=43,US) 107.180.54.176 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity 107.180.54.236 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=236,US) 107.180.54.251 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 107.180.54.253 32 NAB None 2021-03-03 00:00:00 2021-06-01 00:00:00 None HIVE Case #NA FP Security (IP=253,US) 
107.180.55.19 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 107.180.55.21 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 107.180.56.152 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity 107.180.56.177 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 107.180.56.181 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 107.180.57.58 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 107.180.58.64 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 107.180.58.74 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 107.180.76.159 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 107.180.78.1 32 RB None 2019-06-22 00:00:00 2021-02-14 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=1 US) | updated by dbc Block was inactive. Reactivated on 20200214 with reason US TO-S-2020-0298 Malicious Email Activity 107.180.90.126 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 107.180.93.249 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 107.180.97.189 32 RW None 2019-11-14 00:00:00 2021-02-20 00:00:00 None SQL HTTP URI blind injection attempt - 6hr web attacks (IP=189,US) | updated by dbc Block was inactive. 
Reactivated on 20200220 with reason US TO-S-2020-0303 Malicious Web Application Activity 107.181.175.122 32 RR None 2021-07-06 00:00:00 2021-10-06 00:00:00 None Potential BOT - Outbound Traffic (IP=122,US) 107.181.189.80 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 107.181.189.82 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 107.182.183.206 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=206,US) 107.182.236.107 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=107,US) 107.185.211.16 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 107.187.147.54 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=54,US) 107.189.1.122 24 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL use of concat function with select - likely SQL injection (1:24172:2) - Source Fire (IP=122,LU) 107.189.1.122 24 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL injection - Web Attacks (IP=122,LU) 107.189.10.119 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 107.189.10.150 32 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=150,US) 107.189.28.106 24 KH None 2021-07-07 00:00:00 2021-10-05 00:00:00 None SQL injection - 6 hr web attacks (IP=106,LU) 107.189.3.104 24 SW None 2021-09-13 00:00:00 2021-12-12 00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (1:54484:2) - Source Fire (IP=104,LU) | updated by SW Block expiration extended with reason ColdFusion Error Reporting TT# 21C01839 (IP=107,LU) ColdFusion Error Reporting TT# 21C01839 (IP=107,LU) 107.189.3.104 24 DT None 
2021-06-18 00:00:00 2021-12-12 00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (1:54484:2) - Source Fire (IP=104,LU) | updated by SW Block expiration extended with reason ColdFusion Error Reporting TT# 21C01839 (IP=107,LU) ColdFusion Error Reporting TT# 21C01839 (IP=107,LU)
107.189.3.104 24 DT None 2021-06-18 00:00:00 2021-12-12 00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (1:54484:2) - Source Fire (IP=104,LU) | updated by SW Block expiration extended with reason ColdFusion Error Reporting TT# 21C01839 (IP=107,LU) ColdFusion Error Reporting TT# 21C01839 (IP=107,LU)
107.189.30.232 24 RR None 2021-06-20 00:00:00 2021-09-18 00:00:00 None SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt - SourceFire (IP=232,LX)
107.189.30.232 24 RR None 2021-06-20 00:00:00 2021-09-18 00:00:00 None SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt - SourceFire (IP=232,LX) SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt - SourceFire (IP=232,LX)
107.189.30.27 24 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire Report (IP=27,LU)
107.189.31.29 32 BMP None 2021-05-13 00:00:00 2021-12-02 00:00:00 None HTTP: Adobe ColdFusion Directory Traversal Information Disclosure Vulnerability - 6hr Web Attacks (IP=29,US) | updated by RB Block was inactive. Reactivated on 20210903 with reason Self-Report / ColdFusion errors - TT# 21C01751 (IP=29,US) Self-Report / ColdFusion errors - TT# 21C01751 (IP=29,US)
107.189.31.29 24 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (3:51924:1) Sourcefire (IP=29,LU) | updated by RR Block expiration extended with reason SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt - SourceFire (IP=29,LX) SERVER-WEBAPP VMwar
107.189.31.29 32 RB None 2021-09-03 00:00:00 2021-12-02 00:00:00 None HTTP: Adobe ColdFusion Directory Traversal Information Disclosure Vulnerability - 6hr Web Attacks (IP=29,US) | updated by RB Block was inactive. Reactivated on 20210903 with reason Self-Report / ColdFusion errors - TT# 21C01751 (IP=29,US) Self-Report / ColdFusion errors - TT# 21C01751 (IP=29,US)
107.189.31.29 24 EE None 2021-04-13 00:00:00 2021-08-21 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt (3:51924:1) Sourcefire (IP=29,LU) | updated by RR Block expiration extended with reason SERVER-WEBAPP VMware vRealize Operations Manager SSRF attempt - SourceFire (IP=29,LX) SERVER-WEBAPP VMwar
107.189.4.6 24 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (IP=6,LU)
107.189.4.6 24 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Source Fire (IP=6,LU)
107.189.7.98 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None LU TO-S-2020-0459 Malware Activity
107.189.8.77 24 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (1:54573:2) - Source Fire (IP=77,LU)
107.189.8.77 32 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL injection - Web Attacks (IP=77,US)
107.190.132.210 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
107.20.163.38 32 AR None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-OBFUSCATION javascript with hex variable names - TT# 21C01368 (IP=38,US)
107.20.19.249 32 DT None 2021-09-12 00:00:00 2021-12-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Source Fire (IP=249,US)
107.20.41.239 32 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=239,US)
107.20.56.157 32 SW None 2021-08-01 00:00:00 2021-10-30 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=157, US)
107.202.203.250 32 UA None 2021-07-21 00:00:00 2021-10-19 00:00:00 None SQL injection - 6 hour web attacks (IP=250,US)
107.21.121.30 32 GM None 2020-10-29 00:00:00 2021-01-29 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - Sourcefire (IP=130,US)
107.21.169.194 32 BMP None 2021-01-04 00:00:00 2021-04-04 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=194,US)
107.21.170.147 32 RW None 2021-07-08 00:00:00 2021-10-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=147,US)
107.21.18.20 32 RW None 2021-09-23 00:00:00 2021-12-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=20,US)
107.21.31.202 32 BMP None 2021-08-08 00:00:00 2021-11-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=202,US)
107.21.42.240 32 RW None 2021-09-20 00:00:00 2021-12-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=240,US)
107.21.55.77 32 BMP None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=77,US)
107.21.82.183 32 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=183,US)
107.219.169.126 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=126,US)
107.22.120.165 32 ZH None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=165,US)
107.22.178.157 32 tjh None 2016-04-11 05:00:00 2021-05-21 00:00:00 None US TO-S-2016-0507 | unblocked - IP hosts multiple .edu and .org sites
107.220.160.143 24 CR None 2020-12-29 00:00:00 2021-01-13 00:00:00 None SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt - Sourcefire (IP=143,US) | Unblock - Caused outage - INC000008112452 - False positive signature
107.23.208.235 32 RW None 2021-05-20 00:00:00 2021-08-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=235,US)
107.23.252.39 32 ZH None 2021-07-03 00:00:00 2021-10-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Rpt (IP=39,US)
107.23.81.109 32 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (1:45200:2) (IP=109,US)
107.6.141.50 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None NL TO-S-2020-0750 Malicious Email Activity
107.6.154.230 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity
107.6.162.34 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=34,NL)
107.6.168.210 24 GM None 2020-12-08 00:00:00 2021-03-08 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=210,NL)
107.6.169.251 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malicious Email Activity
107.6.169.253 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malicious Email Activity
107.6.169.254 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malicious Email Activity
107.6.171.130 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malicious Email Activity
107.6.171.131 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malicious Email Activity
107.6.171.132 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malicious Email Activity
107.6.171.133 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malicious Email Activity
107.6.171.186 24 GM None 2020-12-25 00:00:00 2021-09-16 00:00:00 None Generic URI Injection wget Attempt - Web Attacks (IP=186,NL) | updated by RT Block was inactive. Reactivated on 20210618 with reason Malicious Activity - TT# 21C01336 (IP=186,NL) Malicious Activity - TT# 21C01336 (IP=186,NL)
107.6.171.186 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Generic URI Injection wget Attempt - Web Attacks (IP=186,NL) | updated by RT Block was inactive. Reactivated on 20210618 with reason Malicious Activity - TT# 21C01336 (IP=186,NL) Malicious Activity - TT# 21C01336 (IP=186,NL)
107.6.180.154 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=154,NL) | updated by RT Block was inactive. Reactivated on 20210618 with reason Malicious Activity - TT# 21C01336 (IP=154,NL) Malicious Activity - TT# 21C01336 (IP=154,NL)
107.6.180.154 24 GM None 2020-12-08 00:00:00 2021-09-16 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=154,NL) | updated by RT Block was inactive. Reactivated on 20210618 with reason Malicious Activity - TT# 21C01336 (IP=154,NL) Malicious Activity - TT# 21C01336 (IP=154,NL)
107.6.183.178 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=178,NL)
107.6.183.226 24 GM None 2020-10-14 00:00:00 2021-01-14 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=226,NL)
107.77.169.54 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=54,US)
107.77.194.110 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=110,US)
107.77.195.4 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=4,US)
107.77.197.41 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=41,US)
107.77.198.131 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=131,US)
107.77.201.100 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=100,US)
107.77.202.190 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=190,US)
107.77.203.229 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=229,US)
107.77.205.110 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=110,US)
107.77.205.137 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=137,US)
107.77.205.149 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=149,US)
107.77.205.77 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=77,US)
107.77.205.92 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=92,US)
107.77.207.151 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=151,US)
107.77.208.57 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=57,US)
107.77.209.226 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=226,US)
107.77.210.137 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=137,US)
107.77.210.153 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=153,US)
107.77.216.155 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=155,US)
107.77.216.167 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=167,US)
107.77.216.90 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=90,US)
107.77.217.124 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=124,US)
107.77.218.25 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=25,US)
107.77.219.139 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=139,US)
107.77.219.38 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=38,US)
107.77.221.158 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=158,US)
107.77.221.81 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=81,US)
107.77.222.211 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=211,US)
107.77.222.76 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=76,US)
107.77.223.79 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=79,US)
107.77.225.227 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=227,US)
107.77.225.99 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=99,US)
107.77.228.82 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=82,US)
107.77.230.167 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=167,US)
107.77.230.7 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=7,US)
107.77.232.185 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=185,US)
107.77.232.70 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=70,US)
107.77.233.145 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=145,US)
107.77.234.59 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=59,US)
107.77.237.113 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=113,US)
107.77.85.87 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=87,US)
107gam.com --- RKM None 2020-06-23 00:00:00 2021-06-23 00:00:00 2023-01-19 22:41:43 Hive 2982
108.160.135.156 24 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=156,JP)
108.161.133.125 32 wmp None 2020-07-02 00:00:00 2021-09-01 00:00:00 None HIVE Case #3190 COLS-NA-TIP-20-0200 (IP=125,US) | updated by dbc Block expiration extended with reason US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity
108.161.139.208 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
108.163.150.164 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=164,CA)
108.163.220.2 32 GM None 2020-12-27 00:00:00 2021-09-16 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=2,US) | updated by RT Block was inactive. Reactivated on 20210618 with reason Malicious Activity - TT# 21C01336 (IP=2,US)
108.163.237.178 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Unknown Malicious Activity
108.166.194.73 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=73,US)
108.167.131.129 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
108.167.132.127 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
108.167.132.224 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
108.167.136.40 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=40,US)
108.167.141.129 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
108.167.141.194 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
108.167.143.109 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
108.167.143.114 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=114,US)
108.167.146.148 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity
108.167.146.228 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity
108.167.146.232 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
108.167.149.250 32 wmp None 2020-07-17 00:00:00 2021-09-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=250,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity
108.167.158.241 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=241,US)
108.167.158.95 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=95,US)
108.167.159.27 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity
108.167.161.62 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
108.167.172.116 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=116,US)
108.167.172.132 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=132,US)
108.167.172.191 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
108.167.183.253 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=253,US)
108.167.183.57 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
108.167.187.34 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
108.167.188.227 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
108.167.188.41 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
108.167.189.56 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
108.17.53.55 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=55,US)
108.170.32.75 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=75,US)
108.171.167.39 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
108.174.10.10 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity
108.177.235.92 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Web Application Activity
108.178.35.3 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
108.178.4.110 32 wmp None 2020-08-25 00:00:00 2021-10-08 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=110,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=110,US)
108.179.192.224 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
108.179.193.124 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity
108.179.193.83 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=83,US)
108.179.231.114 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malware Activity
108.179.231.115 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=115,US)
108.179.243.236 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=236,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=236,US)
108.179.246.24 32 GLM None 2017-03-18 05:00:00 2021-04-23 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=24,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity
108.179.246.86 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=86,US)
108.179.252.19 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
108.179.252.199 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
108.179.252.24 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
108.179.252.50 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=50,US)
108.179.253.23 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
108.184.193.30 32 RR None 2021-08-20 00:00:00 2021-11-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Automated Block (IP=30,US)
108.188.148.173 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=173,US)
108.189.84.112 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=112,US)
108.191.74.12 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=12,US)
108.20.234.5 32 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None SQL injection Web Attack (IP=5,US)
108.216.33.214 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=214,US)
108.248.181.23 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity
108.4.142.64 32 ZH None 2021-09-21 00:00:00 2021-12-20 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr web attacks (IP=64,US)
108.48.22.102 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malware Activity
108.53.179.134 32 BMP None 2021-06-02 00:00:00 2021-08-31 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=134,US)
108.59.9.27 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=27,US)
108.60.201.32 32 BMP None 2021-05-27 00:00:00 2021-08-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=32,US)
108.60.212.5 32 GM None 2019-02-10 00:00:00 2021-04-23 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=5,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity
108.61.0.122 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
108.61.128.42 32 BMP None 2021-02-13 00:00:00 2021-05-13 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - IR# 21C00493 (IP=42,US)
108.61.131.85 32 wmp None 2020-09-03 00:00:00 2021-10-21 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=85,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
108.61.201.105 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None JP Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
108.61.213.245 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None AU TO-S-2020-0303 Malicious Email Activity
108.62.118.232 32 NAB None 2021-05-11 00:00:00 2021-11-11 00:00:00 None HIVE Case #5422 DARKSIDE Ransomware (IP=232,US)
108.62.122.79 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
108.62.141.142 32 GL None 2020-10-09 00:00:00 2021-01-07 00:00:00 None HIVE Case #4099 CTO 2020-282 (IP=142,US)
108.63.242.130 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
109.1.150.175 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity
109.104.151.108 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=108,AL)
109.104.151.109 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=109,AL)
109.104.78.189 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=189,DE)
109.105.79.46 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
109.106.246.8 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
109.108.129.43 32 NAB None 2021-04-16 00:00:00 2021-07-15 00:00:00 None HIVE Case #NA FP Security (IP=43,GB)
109.109.117.11 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malicious Web Application Activity
109.11.128.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
109.111.134.195 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity
109.115.40.139 24 KD None 2021-09-05 00:00:00 2021-12-04 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=139,IT)
109.116.117.241 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity
109.116.214.124 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IT TO-S-2021-0876 Hive Case 4166 Malware Activity
109.116.220.113 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
109.116.251.66 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
109.117.198.174 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
109.12.230.243 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malicious Email Activity
109.123.117.228 24 RT None 2021-06-08 00:00:00 2021-09-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=228,UK)
109.123.75.100 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None GB Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
109.126.220.62 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=62,RU)
109.130.146.132 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None BE TO-S-2020-0493 Malware Activity
109.131.119.246 24 RR None 2020-10-22 00:00:00 2021-01-20 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Web Attacks (IP=246,BE)
109.160.87.92 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BG TO-S-2020-0298 Malicious Email Activity
109.161.116.100 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip= RU)
109.161.145.114 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BH TO-S-2020-0331 Malicious Web Application Activity
109.166.159.170 24 RB None 2021-03-18 00:00:00 2021-06-16 00:00:00 None SERVER-WEBAPP JBoss admin-console access - Sourcefire (IP=170,RO)
109.167.148.85 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
109.168.52.25 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity
109.169.15.73 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malware Activity
109.169.217.143 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity
109.169.24.37 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None GB TO-S-2020-0698 Malicious Email Activity
109.169.79.27 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None GB TO-S-2020-0419 Malicious Email Activity
109.170.71.114 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
109.172.174.130 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GE TO-S-2020-0331 Malicious Web Application Activity
109.172.202.142 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GE TO-S-2020-0331 Malicious Web Application Activity
109.173.167.11 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Email Activity
109.174.127.89 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity
109.177.64.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None AE Hive Case 4237 TO-S-2021-0910 Malware Activity
109.182.182.143 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None SI TO-S-2020-0331 Malicious Web Application Activity
109.183.192.154 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
109.184.191.66 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=66,RU)
109.184.253.201 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=201,RU)
109.190.207.247 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malicious Email Activity
109.190.231.251 24 FT None 2020-11-06 00:00:00 2021-02-05 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=251,FR)
109.193.128.177 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity
109.193.245.188 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
109.196.210.39 24 BMP None 2020-10-01 00:00:00 2021-01-01 00:00:00 None FTP Login Failed - 6hr Logons (IP=39,RU)
109.196.252.199 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PL TO-S-2020-0298 Malicious Email Activity
109.199.92.184 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Email Activity
109.199.93.19 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity
109.201.135.34 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None NL TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
109.201.135.43 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
109.201.135.65 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
109.201.140.103 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=103,NL)
109.201.142.34 24 EE None 2020-12-16 00:00:00 2021-03-16 00:00:00 None PROTOCOL-DNS DNS query - SourceFire (IP=34, NL)
109.202.198.252 24 ZH None 2021-05-26 00:00:00 2021-08-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=252,CH)
109.205.117.140 30 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IQ TO-S-2020-0303 Malicious Email Activity
109.205.160.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AZ Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
109.205.243.8 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SK Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
109.206.172.192 32 GED None 2020-12-04 00:00:00 2021-03-04 00:00:00 None HIVE Case #NA FP CIO Policy (IP=192,NL)
109.206.178.54 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=54,NL)
109.206.246.108 24 BMP None 2020-10-19 00:00:00 2021-01-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=108,DE) | updated by RR Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=108,CN)
109.207.192.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None UA Hive Case 4237 TO-S-2021-0910 Malware Activity
109.21.167.62 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
109.212.101.6 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
109.212.103.196 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
109.226.192.0 19 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,RU)
109.226.217.73 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity
109.228.166.15 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None SE TO-S-2020-0750 Malicious Email Activity
109.228.198.107 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
109.228.39.35 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=35,GB)
109.228.49.154 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None GB TO-S-2020-0698 Malicious Email Activity
109.228.52.83 24 RT None 2021-07-23 00:00:00 2021-10-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6HR Web Attack (IP=83,UK)
109.228.57.144 24 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt (1:48381:1) - Sourcefire Rpt (IP=144,GB)
109.229.246.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
109.230.199.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None SE Hive Case 4237 TO-S-2021-0910 Malicious Reconnaissance Activity
109.230.28.47 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SK Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
109.232.104.0 21 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None RU TO-S-2020-0805 Malicious activity
109.232.216.184 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None TR TO-S-2020-0826 Hive Case 3950 Malicious Email Activity
109.232.216.234 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None TR TO-S-2020-0838 Malicious Email Activity
109.233.126.145 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IT TO-S-2020-0459 Malware Activity
109.233.218.100 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
109.234.160.30 32 NAB None 2021-01-12 00:00:00 2021-04-12 00:00:00 None HIVE Case #NA FP Security (IP=30,FR)
109.234.161.112 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None FR TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
109.234.161.21 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None FR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
109.234.161.35 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=35,FR) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=35,FR)
109.234.162.70 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None FR TO-S-2020-0838 Malicious Email Activity
109.234.164.136 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None FR TO-S-2020-0838 Malicious Email Activity
109.234.164.138 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None FR TO-S-2020-0592 Malware Activity
109.234.164.75 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None FR TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
109.234.35.230 24 EBT None 2020-04-21 00:00:00 2021-04-21 00:00:00 None HIVE Case# 2609 COVID-19_IOCs (IP=230,NL)
109.234.38.61 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=61,RU)
109.234.38.61 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=61,RU)
109.235.16.39 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ES TO-S-2020-0331 Malicious Web Application Activity
109.235.7.228 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=228,CZ)
109.236.35.0 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AL TO-S-2020-0331 Malicious Web Application Activity
109.236.92.132 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity
109.236.94.52 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity
109.237.138.26 32 wmp None 2020-09-16 00:00:00 2021-10-29 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=26,DE) | updated by dbc Block expiration extended with reason DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
109.238.80.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity
109.24.175.222 24 RR None 2021-05-22 00:00:00 2021-08-20 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=222,FR)
109.242.126.125 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GR TO-S-2020-0298 Malicious Email Activity
109.242.160.187 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GR TO-S-2020-0298 Malicious Email Activity
109.242.228.82 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GR TO-S-2020-0303 Malicious Email Activity
109.242.234.239 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GR TO-S-2020-0303 Malicious Email Activity
109.242.235.183 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GR TO-S-2020-0331 Malicious Web Application Activity
109.242.244.3 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GR TO-S-2020-0303 Malicious Email Activity
109.248.203.82 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=82,RU)
109.48.109.119 32 FT None 2021-01-30 00:00:00 2021-04-30
00:00:00 None No Authentication Required - 6hr Failed Logons (IP=119,PT) 109.66.30.150 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IL TO-S-2020-0459 Malware Activity 109.68.120.0 21 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 109.70.100.31 24 RB None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - 6hr web attacks (IP=31,AT) 109.70.100.31 24 RB None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - 6hr web attacks (IP=31,AT) SQL injection - 6hr web attacks (IP=31,AT) 109.70.100.34 24 RB None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - 6hr web attacks (IP=34,AT) 109.70.100.35 24 RB None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - 6hr web attacks (IP=35,AT) 109.70.100.35 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=35,AT) 109.70.100.35 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=35,AT) HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=35,AT) 109.70.100.39 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=39,DK) 109.70.100.39 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=39,DK) HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=39,DK) 109.70.100.40 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00664 (IP=40,AT) 109.70.100.44 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=44,AT) 109.70.100.44 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: 
Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=44,AT) HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=44,AT) 109.70.100.49 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=49,AT) 109.70.100.49 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=49,AT) HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=49,AT) 109.70.100.57 24 EE None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00660 (IP=57,AT) 109.70.100.58 24 RB None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - 6hr web attacks (IP=58,AT) 109.71.43.204 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None PT TO-S-2020-0698 Malicious Email Activity 109.72.2.102 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr failed logons (IP=102,CZ) 109.72.224.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 109.72.7.36 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=36,CZ) 109.73.184.249 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 109.73.185.62 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity 109.73.186.143 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity 109.73.240.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PS Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 109.74.198.84 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None GB TO-S-2020-0419 Malware Activity 
109.74.202.179 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=179,GB)
109.80.109.53 24 RW None 2021-02-27 00:00:00 2021-05-27 00:00:00 None Malicious IP - Hive Case #2974 (IP=53,CZ)
109.83.173.169 24 RB None 2021-03-16 00:00:00 2021-06-16 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6hr web attacks (IP=169,SA)
109.86.228.175 24 BMP None 2021-09-03 00:00:00 2021-12-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=175, UA)
109.89.186.236 24 RW None 2021-05-20 00:00:00 2021-08-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6 hr web attacks (IP=236,BE)
109.89.206.204 24 RT None 2021-09-06 00:00:00 2021-12-05 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6HR Web Attack (IP=204,BE)
109.92.186.112 24 KD None 2021-06-02 00:00:00 2021-09-03 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=112,RS)
109.94.164.28 32 wmp None 2021-04-27 00:00:00 2021-07-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=28,IR)
109.94.176.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity
109.94.209.109 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=109,EE) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=109,EE)
109.94.209.23 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None EE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
109.94.233.16 24 BMP None 2021-09-15 00:00:00 2021-12-14 00:00:00 None SQL injection - WebAttacks (IP=16,RS)
109.95.202.75 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity
109.95.208.0 21 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None RU TO-S-2020-0698 Malicious Email Activity
109.99.37.97 24 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=97,RO)
110.10.125.211 24 RR None 2021-09-22 00:00:00 2021-12-21 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=211,KR)
110.10.129.175 24 UA None 2021-07-11 00:00:00 2021-10-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=175,KR) | updated by UA Block was inactive. Reactivated on 20210711 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=175,KR)
110.10.129.175 24 BMP None 2021-03-13 00:00:00 2021-10-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=175,KR) | updated by UA Block was inactive. Reactivated on 20210711 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=175,KR)
110.136.0.0 14 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity
110.136.167.194 24 RR None 2021-06-20 00:00:00 2021-09-18 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=194,ID)
110.136.248.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity
110.136.58.72 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity
110.136.88.92 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity
110.137.130.152 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity
110.137.192.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity
110.137.80.146 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=146,ID)
110.137.99.203 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity
110.138.150.225 24 DT None 2021-06-21 00:00:00 2021-09-19 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=225,ID)
110.138.150.225 24 RR None 2021-06-21 00:00:00 2021-09-19 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=225,ID)
110.138.212.158 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity
110.138.246.121 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity
110.138.32.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity
110.139.16.239 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity
110.143.73.133 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AU TO-S-2020-0298 Malicious Email Activity
110.145.77.103 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AU TO-S-2021-0876 Hive Case 4166 Malware Activity
110.152.156.160 24 RR None 2021-05-22 00:00:00 2021-08-20 00:00:00 None FTP Login Failed - Failed Logons (IP=160,CN)
110.153.68.68 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=68,CN)
110.159.141.199 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
110.159.241.16 24 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=241,MY)
110.159.32.175 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
110.164.126.99 32 wmp None 2021-01-14 00:00:00 2021-04-14 00:00:00 None Suspicious Scan Activity (IP=99,TH)
110.164.163.178 24 EE None 2021-04-07 00:00:00 2021-07-06 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=178,TH)
110.164.20.154 24 RW None 2021-01-04 00:00:00 2021-04-04 00:00:00 None Authentication Failure - 6 hr failed logons (IP=154,TH)
110.168.211.36 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TH TO-S-2020-0303 Malicious Email Activity
110.169.16.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TH Hive Case 4237 TO-S-2021-0910 Malware Activity
110.172.104.0 24 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
110.172.142.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity
110.172.172.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
110.182.101.200 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=200,CN)
110.182.102.201 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=201,CN)
110.182.126.118 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=118,CN)
110.185.107.27 24 DT None 2021-01-02 00:00:00 2021-04-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SSH Scan Report (IP=27,CN)
110.187.229.182 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=182,CN)
110.189.172.84 24 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=84,CN)
110.224.160.118 24 GM None 2021-03-20 00:00:00 2021-06-18 00:00:00 None FTP Login Failed - Failed Logons (IP=118,IN)
110.227.168.0 21 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IN TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
110.227.250.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
110.232.248.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
110.232.81.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
110.235.0.11 24 ZH None 2021-08-22 00:00:00 2021-11-20 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - 6 hr Web Attacks (IP=11,HK)
110.235.240.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KH TO-S-2020-0303 Malicious Email Activity
110.235.252.110 24 BMP None 2021-06-09 00:00:00 2021-09-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=110,KH)
110.235.252.110 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=110,KH)
110.243.178.147 24 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=147,CN)
110.247.249.41 24 BMP None 2020-10-01 00:00:00 2021-01-01 00:00:00 None FTP Login Failed - 6hr Logons (IP=41,CN)
110.248.124.254 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=254,CN)
110.249.25.147 24 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3)- Source Fire (IP=147,CN)
110.253.103.53 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=53,CN)
110.253.145.3 24 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=3,CN)
110.253.166.241 24 WR None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=241,CN)
110.253.213.198 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=198,CN)
110.253.51.112 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=112,CN)
110.34.0.178 24 RW None 2021-04-18 00:00:00 2021-07-18 00:00:00 None SQL injection - Web attacks (IP=178,NP)
110.35.194.11 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks(IP=11, KR)
110.36.221.135 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=135,PK)
110.36.229.244 24 RR None 2021-05-24 00:00:00 2021-08-22 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=244,PK)
110.39.10.166 24 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=166,PK)
110.4.119.117 32 FT None 2020-10-04 00:00:00 2021-01-03 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability
110.40.13.167 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=167,CN)
110.40.186.201 32 BB None 2021-09-10 00:00:00 2021-12-09 00:00:00 None SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt (1:56990:1) - SourceFire (IP=201,US)
110.40.187.24 24 BMP None 2021-09-03 00:00:00 2021-12-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=24,CN)
110.44.117.55 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NP TO-S-2020-0298 Malicious Email Activity
110.46.13.145 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
110.46.15.133 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
110.46.15.135 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
110.46.206.68 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
110.46.49.7 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
110.47.70.188 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6HR Web Attack (IP=188,KR)
110.49.62.160 24 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=160,TH)
110.50.160.0 19 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TW Hive Case 4237 TO-S-2021-0910 Malware Activity
110.52.210.178 24 RT None 2021-07-14 00:00:00 2021-10-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=178,CN)
110.54.244.68 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=68,PH)
110.6.145.48 24 KD None 2021-06-02 00:00:00 2021-08-31 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt- Web Attacks (IP=48,CN)
110.7.180.121 24 KD None 2021-06-08 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt- Web Attacks (IP=121,CN)
110.77.128.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
110.77.146.29 24 UA None 2021-08-04 00:00:00 2021-11-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=29,TH)
110.77.152.168 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity
110.77.158.235 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TH TO-S-2020-0298 Malicious Email Activity
110.77.183.159 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity
110.77.197.0 24 sym None 2014-05-29 05:00:00 2021-02-14 00:00:00 None SERVER-WEBAPP Setup.php access (ip=118,TH) | updated by kmw with reason TH TO-S-2019-0176 Malicious Web Application Activity | updated by dbc Block was inactive. Reactivated on 20200214 with reason TH TO-S-2020-0298 Malicious Email Activity
110.77.216.216 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity
110.77.232.0 24 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=0,TH)
110.77.232.205 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TH TO-S-2020-0303 Malicious Email Activity
110.77.242.140 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
110.77.251.122 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TH TO-S-2020-0298 Malicious Email Activity
110.78.141.0 24 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=0,TH)
110.78.147.202 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TH TO-S-2020-0298 Malicious Email Activity
110.78.154.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TH TO-S-2020-0298 Malicious Email Activity
110.78.160.0 21 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TH Hive Case 4237 TO-S-2021-0910 Malware Activity
110.78.174.0 24 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None TH TO-S-2021-0989 Hive Case # 4493 Malicious Web Application Activity
110.78.80.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TH Hive Case 4237 TO-S-2021-0910 Malware Activity
110.8.71.166 24 GM None 2020-11-21 00:00:00 2021-02-21 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=166,KR)
110.80.46.90 32 wmp None 2021-03-01 00:00:00 2021-06-01 00:00:00 None Firepower Suspicious Scan Activity (IP=90,CN)
110.82.58.197 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=197,CN)
110.93.213.56 24 RB None 2021-01-13 00:00:00 2021-04-13 00:00:00 None FTP Login Failed - 6hr failed logons (IP=56,PK)
110.93.237.0 24 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None PK TO-S-2021-0941 Hive Case 4361 Malware Activity
111.118.138.0 23 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KH TO-S-2020-0298 Malicious Email Activity
111.118.21.122 24 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=122,KR)
111.118.214.210 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=210,IN)
111.119.183.24 24 KD None 2021-07-13 00:00:00 2021-10-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13)- Source Fire (IP=24,PK)
111.119.187.45 24 RR None 2020-12-03 00:00:00 2021-03-03 00:00:00 None FTP Login Failed - Failed Logon (IP=45,PK)
111.119.245.114 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=114,IN)
111.125.234.67 24 ZH None 2021-07-17 00:00:00 2021-10-15 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire Rpt (IP=67,IN)
111.160.112.142 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=142,CN)
111.165.128.53 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=53,CN)
111.167.174.34 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=34,CN)
111.17.186.194 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=194,CN)
111.170.84.171 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=171,CN)
111.170.85.71 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=71,CN)
111.193.192.65 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks(IP=65,CN)
111.198.61.222 24 EE None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=222,CN)
111.198.77.239 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=239,CN)
111.205.14.16 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=16,CN)
111.205.14.41 24 KD None 2021-06-03 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3)- Source Fire (IP=41,CN)
111.205.46.47 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=47,CN)
111.206.170.103 24 RW None 2021-03-06 00:00:00 2021-06-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=103,CN)
111.207.154.62 24 RR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=62,CN)
111.207.154.62 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=62,CN)
111.220.94.149 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AU TO-S-2020-0331 Malicious Web Application Activity
111.223.158.133 24 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=133,LK)
111.223.2.140 32 wmp None 2021-06-03 00:00:00 2021-09-03 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=140,IN)
111.223.67.125 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
111.225.89.82 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=82,CN)
111.225.91.62 24 EE None 2020-12-07 00:00:00 2021-03-07 00:00:00 None BROWSER-IE Microsoft IE - SourceFire (IP=62,CN)
111.229.100.86 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=86,CN)
111.229.110.194 24 GM None 2020-11-05 00:00:00 2021-02-05 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Sourcefire (IP=194,CN)
111.229.133.245 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=245,CN)
111.229.135.171 24 RR None 2020-12-18 00:00:00 2021-03-18 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=171,CN)
111.229.142.109 24 BMP None 2020-10-23 00:00:00 2021-01-21 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=109,CN)
111.229.143.216 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=216,CN)
111.229.158.97 24 RB None 2020-10-19 00:00:00 2021-01-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=97,CN)
111.229.179.125 24 FT None 2020-11-04 00:00:00 2021-02-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=125,CN)
111.229.239.203 24 RR None 2020-10-21 00:00:00 2021-01-19 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=203,CN)
111.229.6.201 24 ZH None 2021-07-17 00:00:00 2021-10-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=201,CN)
111.229.73.197 32 wmp None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=197,CN)
111.229.84.133 24 FT None 2020-11-04 00:00:00 2021-02-04 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=133,CN) | updated by GM Block was inactive. Reactivated on 20201104 with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=133,CN)
111.23.147.140 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=140,CN)
111.230.142.59 24 GM None 2020-11-05 00:00:00 2021-02-05 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=59,CN)
111.230.157.95 24 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=95,CN) | updated by RT Block was inactive. Reactivated on 20210527 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6 HR Web Attack (IP=
111.230.157.95 24 RW None 2019-12-31 00:00:00 2021-08-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=95,CN) | updated by RT Block was inactive. Reactivated on 20210527 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6 HR Web Attack (IP=
111.230.157.95 24 RWB None 2020-01-01 00:00:00 2021-08-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=95,CN) | updated by RT Block was inactive. Reactivated on 20210527 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6 HR Web Attack (IP=
111.230.171.137 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=137,CN)
111.230.178.135 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) Web Attacks (IP=135,CN)
111.230.204.240 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=240,CN)
111.230.228.235 24 RR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=235,CN) | updated by DT Block was inactive. Reactivated on 20200717 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=235,CN) | updated by RR Block was inacti
111.230.228.235 24 RB None 2020-01-29 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=235,CN) | updated by DT Block was inactive. Reactivated on 20200717 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=235,CN) | updated by RR Block was inacti
111.230.41.189 24 RB None 2018-12-08 06:00:00 2021-09-21 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=189,CN) | updated by KF Block was inactive. Reactivated on 20191020 with reason Command Injection Attempt (IP=189,CN) | updated by DT Block was inactive. Reactivated on 20210623 with reason HTTP: De
111.231.11.236 24 RR None 2020-11-21 00:00:00 2021-02-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=236,CN)
111.231.202.210 32 wmp None 2021-05-10 00:00:00 2021-08-10 00:00:00 None Palo Alto Suspicious Scan Activity (IP=210,CN)
111.231.202.210 24 RR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=210,CN)
111.231.54.145 24 UA None 2021-05-20 00:00:00 2021-08-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=145,CN)
111.231.94.161 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=161,CN)
111.235.66.83 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=83,IN)
111.235.84.8 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PH TO-S-2020-0331 Malicious Web Application Activity
111.251.57.55 24 KD None 2021-06-02 00:00:00 2021-08-31 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt- Web Attacks (IP=55,TW)
111.26.101.137 24 GM None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=137,CN)
111.26.85.210 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=210,CN)
111.30.107.154 24 RR None 2019-06-22 00:00:00 2021-08-21 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=154,CN) | updated by GM Block was inactive. Reactivated on 20201109 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=154,CN)
111.38.103.114 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=114,CN)
111.38.103.122 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=122,CN)
111.38.103.13 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=13,CN)
111.38.103.66 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=66,CN)
111.38.104.141 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=141,CN)
111.38.106.128 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=128,CN)
111.38.106.19 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=19,CN)
111.38.106.48 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=48,CN)
111.38.121.223 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=223,CN)
111.38.121.226 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=226,CN)
111.38.123.197 24 GM None 2020-12-27 00:00:00 2021-03-27 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=197,CN)
111.38.140.34 24 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=34,CN)
111.38.155.38 24 RW None 2021-02-27 00:00:00 2021-05-27 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - Sourcefire (IP=38,CN)
111.38.9.114 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=114,CN)
111.39.68.61 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=61,CN)
111.43.70.251
24 RR None 2021-05-19 00:00:00 2021-08-17 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=251,CN) 111.43.70.254 24 RR None 2020-10-28 00:00:00 2021-01-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=254,CN) 111.48.76.248 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=248,CN) 111.6.121.27 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=27,CN) 111.61.154.107 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=107,CN) 111.62.22.88 24 RR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=88,CN) 111.67.192.115 32 FT None 2020-10-09 00:00:00 2021-01-07 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability 111.7.96.138 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=138,CN) 111.7.96.142 32 wmp None 2021-04-15 00:00:00 2021-07-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=142,CN) 111.7.96.147 32 wmp None 2021-04-16 00:00:00 2021-07-16 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=147,CN) 111.7.96.150 32 CR None 2021-07-09 00:00:00 2021-10-07 00:00:00 None High Attacker Suspicious Scan Activity - ArcSight ESM (IP=150,CN) 111.7.96.160 32 wmp None 2021-06-29 00:00:00 2021-09-29 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=160,CN) 111.7.96.167 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None Palo Alto Suspicious Scan Activity Suspicious Scan Activity (IP=167,CN) 111.7.96.176 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=176,CN) 111.7.96.181 32 wmp None 2021-04-16 00:00:00 2021-07-16 00:00:00 None ArcSight ESM 
High Attacker Suspicious Scan Activity (IP=181,CN) 111.74.153.159 24 RR None 2020-12-07 00:00:00 2021-03-07 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=159,CN) 111.78.53.30 24 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=30,CN) 111.92.189.45 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=45,KR) 111.92.80.118 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=118,IN) 111.92.80.157 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=157,IN) 111.92.80.167 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=167,IN) 111.92.80.174 24 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=174,IN) 111.92.80.20 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=20,IN) 111.92.80.210 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None srm Firepwer Suspicious Scan Activity (IP=210,IN) 111.92.80.218 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=218,IN) 111.92.80.22 32 wmp None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Palo Alto Suspicious Scan Activity (IP=22,IN) 111.92.80.226 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=226,IN) 111.92.80.233 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=233,IN) 111.92.80.33 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=33,IN) 111.92.80.39 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=39,IN) 111.92.80.95 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None 
Firepower Suspicious Scan Activity (IP=95,IN) 111.92.81.135 24 GM None 2021-01-30 00:00:00 2021-04-30 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=135,IN) 111.98.254.75 32 wmp None 2021-04-15 00:00:00 2021-07-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=75,JP) 112.104.0.0 19 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,TW) 112.104.91.231 24 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3)-Source Fire (IP=231,CN) 112.104.96.0 19 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None TW TO-S-2020-0838 Malware Activity 112.105.64.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 112.109.88.0 21 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None VN TO-S-2020-0750 Malicious Email Activity 112.120.42.194 24 EE None 2021-04-20 00:00:00 2021-12-28 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=194,HK) | updated by EE Block was inactive. 
Reactivated on 20210929 with reason HIVE Case #6266 IOC_CVE-2021-22005 (IP=194,HK) 112.124.46.131 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=131,CN) 112.126.102.161 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=161,CN) 112.126.68.48 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=48,CN) 112.126.79.65 24 FT None 2021-04-08 00:00:00 2021-07-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=65,CN) 112.126.98.210 32 wmp None 2021-02-11 00:00:00 2021-05-11 00:00:00 None Firepower Suspicious Scan Activity (IP=210,CN) 112.133.215.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 112.133.222.151 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=151,IN) 112.133.237.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,IN) 112.133.241.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 112.133.246.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 112.134.0.0 19 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 112.134.160.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,LK) 112.134.231.115 24 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=115,LK) 112.135.96.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None LK Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 112.157.24.135 24 EE None 2021-03-15 00:00:00 2021-06-13 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attack (IP=135,KR) 112.158.135.205 24 DT None 2021-09-01 00:00:00 
2021-11-30 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=205,KR) 112.160.232.174 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 112.162.109.164 24 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (1:29831:3) - Sourcefire Rpt (IP=164,KR) 112.169.179.49 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 112.175.150.23 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=23,KR) 112.175.184.75 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None KR TO-S-2020-0369 Malicious Email Activity 112.175.89.215 24 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=215,KR) 112.184.135.3 24 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=3,KR) 112.185.64.233 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None KR TO-S-2021-0876 Hive Case 4166 Malware Activity 112.19.161.232 24 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=232,CN) 112.196.107.59 24 ZH None 2021-08-20 00:00:00 2021-11-18 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=59,IN) 112.196.15.138 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Email Activity 112.196.166.20 24 EE None 2021-02-17 00:00:00 2021-05-16 00:00:00 None FireEye User Agent String - Hive Case 4933 (IP=20,IN) 112.196.166.43 24 BB None 2021-07-30 00:00:00 2021-10-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logon (IP=43,IN) 112.196.188.109 24 RR None 2021-02-18 00:00:00 2021-05-19 00:00:00 None OS-OTHER Bash CGI environment variable injection 
attempt - Web Attacks (IP=109,IN) 112.196.188.47 32 FT None 2020-12-17 00:00:00 2021-03-17 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=47,IN) 112.196.188.9 24 EE None 2021-02-17 00:00:00 2021-05-16 00:00:00 None FireEye User Agent String - Hive Case 4932 (IP=9,IN) 112.196.60.26 24 RR None 2021-03-06 00:00:00 2021-06-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=26,IN) 112.196.88.98 24 RR None 2021-04-26 00:00:00 2021-07-25 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=98,IN) 112.196.94.202 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity 112.199.168.153 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None SG TO-S-2021-1007 Malicious Web Application Activity 112.206.102.3 24 KD None 2021-09-05 00:00:00 2021-12-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=3,PH) 112.206.73.206 24 ZH None 2021-07-24 00:00:00 2021-10-22 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire Rpt (IP=206,PH) 112.207.29.210 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PH TO-S-2020-0298 Malicious Email Activity 112.209.148.241 24 RW None 2021-02-09 00:00:00 2021-05-09 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=241,PL) 112.213.127.179 24 RW None 2020-11-22 00:00:00 2021-02-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - Web Attacks (IP=179,HK) 112.213.86.254 24 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=254,VN) 112.213.89.105 32 NAB None 2020-10-28 00:00:00 2021-01-26 00:00:00 None HIVE Case #4192 COLS-NA-TIP-20-0322 (IP=105,VN) 112.213.91.61 32 NAB None 2020-11-12 00:00:00 2021-02-10 00:00:00 None HIVE Case #4299 COLS-NA-TIP-20-0348 (IP=61,VN) 112.221.132.29 32 dbc 
None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KR TO-S-2020-0303 Malicious Email Activity 112.225.187.19 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=19,CN) 112.225.82.17 24 GM None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=17,CN) 112.226.118.229 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=229,CN) 112.226.119.12 24 GM None 2020-11-21 00:00:00 2021-02-21 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=12,CN) 112.226.162.148 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=148,CN) 112.226.67.193 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=193,CN) 112.228.180.95 24 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=95,CN) 112.228.79.114 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=114,CN) 112.229.178.109 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=109,CN) 112.229.186.88 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firep0wer Suspicious Scan Activity (IP=88,CN) 112.230.251.85 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=85,CN) 112.232.151.103 24 EE None 2020-12-15 00:00:00 2021-03-15 00:00:00 None SSH User Authentication Brute Force Attempt - 6 HR Failed Logons (IP=103,CN) 112.233.100.32 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepwer Suspicious Scan Activity (IP=32,CN) 112.233.147.73 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=73,CN) 112.234.175.204 24 GM None 2021-01-26 00:00:00 2021-04-26 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=204,CN) 112.234.194.178 32 srm None 2021-03-31 
00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=178,CN) 112.234.194.23 32 srm None 2021-02-02 00:00:00 2021-05-03 00:00:00 None Firepwer Suspicious Scan Activity (IP=23,CN) 112.234.218.202 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=202,CN) 112.237.105.36 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=36,CN) 112.237.141.241 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=241,CN) 112.238.17.120 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=120,CN) 112.238.224.75 24 FT None 2020-10-19 00:00:00 2021-01-19 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - SourceFire (IP=75,CN) 112.238.73.181 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=181,CN) 112.242.18.128 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=128,CN) 112.242.20.248 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=248,CN) 112.242.228.252 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=252,CN) 112.245.237.186 32 wmp None 2021-05-11 00:00:00 2021-08-11 00:00:00 None Palo Alto Suspicious Scan Activity (IP=186,CN) 112.245.51.48 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=48,CN) 112.246.162.50 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=50,CN) 112.247.147.78 24 GM None 2021-02-12 00:00:00 2021-05-12 00:00:00 None Generic URI Injection wget Attempt - FireEyeCMS (IP=78,CN) 112.247.161.45 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=45,CN) 112.247.214.146 32 srm None 2021-03-31 00:00:00 2021-06-29 
00:00:00 None Firepower Suspicious Scan Activity (IP=146,CN) 112.247.41.134 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=134,CN) 112.247.43.29 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=29,CN) 112.247.62.10 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=10,CN) 112.247.85.231 24 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=231,CN) 112.248.80.117 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=117,CN) 112.248.83.91 24 KH None 2021-09-04 00:00:00 2021-12-03 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=91,CN) 112.249.232.220 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=220,CN) 112.249.41.142 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=142,CN) 112.25.75.181 24 FT None 2021-04-08 00:00:00 2021-07-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=181,CN) 112.251.17.5 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=5,CN) 112.251.219.229 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firep0wer Suspicious Scan Activity (IP=229,CN) 112.251.221.45 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=45,CN) 112.252.239.103 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=103,CN) 112.252.46.212 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=212,CN) 112.255.8.235 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=235,CN) 112.26.212.80 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan 
Activity (IP=80,CN) 112.27.115.8 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=8,CN) 112.27.121.163 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=163,CN) 112.27.123.173 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=173,CN) 112.27.124.158 24 GM None 2020-12-03 00:00:00 2021-03-03 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=158,CN) 112.27.126.243 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=243,CN) 112.27.250.128 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=128,CN) 112.27.80.120 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=120,CN) 112.27.80.121 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=121,CN) 112.27.80.98 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=98,CN) 112.27.81.238 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=238,CN) 112.27.82.29 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=29,CN) 112.27.83.182 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=182,CN) 112.27.83.23 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=23,CN) 112.27.85.113 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=113,CN) 112.27.87.130 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=130,CN) 112.27.87.203 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=203,CN) 112.27.87.213 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower 
Suspicious Scan Activity (IP=213,CN) 112.27.91.247 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=247,CN) 112.29.170.128 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=128,CN) 112.30.1.152 24 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=152,CN) 112.30.100.228 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=228,CN) 112.30.110.27 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=27,CN) 112.30.110.30 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=30,CN) 112.30.110.31 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=31,CN) 112.30.110.32 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=32,CN) 112.30.110.33 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=33,CN) 112.30.110.36 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=36,CN) 112.30.110.37 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=37,CN) 112.30.110.38 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=38,CN) 112.30.110.41 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=41,CN) 112.30.110.42 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=42,CN) 112.30.110.43 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=43,CN) 112.30.110.45 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=45,CN) 112.30.110.46 32 srm None 2021-03-31 00:00:00 
2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=46,CN) 112.30.110.48 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=48,CN) 112.30.110.51 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=51,CN) 112.30.110.52 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=52,CN) 112.30.110.54 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=54,CN) 112.30.110.55 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=55,CN) 112.30.110.58 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=58,CN) 112.30.110.62 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=62,CN) 112.30.110.63 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=63,CN) 112.30.110.66 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=66,CN) 112.30.126.156 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=156,CN) 112.30.35.237 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=237,CN) 112.30.38.100 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=100,CN) 112.30.38.101 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=101,CN) 112.30.38.19 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firep0wer Suspicious Scan Activity (IP=19,CN) 112.30.4.103 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=103,CN) 112.30.4.119 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=119,CN) 112.30.4.121 32 srm None 2021-04-17 00:00:00 
2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=121,CN) 112.30.4.136 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=136,CN) 112.30.4.37 32 wmp None 2021-05-11 00:00:00 2021-08-11 00:00:00 None Palo Alto Suspicious Scan Activity (IP=37,CN) 112.30.4.52 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=52,CN) 112.30.4.53 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=53,CN) 112.30.4.57 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=57,CN) 112.30.4.60 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=60,CN) 112.30.4.61 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=61,CN) 112.30.4.62 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=62,CN) 112.30.4.68 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=68,CN) 112.30.4.69 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=69,CN) 112.30.4.77 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=77,CN) 112.30.4.90 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=90,CN) 112.30.97.184 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=184,CN) 112.30.98.129 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=129,CN) 112.31.176.16 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=16,CN) 112.31.177.39 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=39,CN) 112.31.211.135 24 GM None 2020-11-22 00:00:00 2021-02-22 00:00:00 None 
Generic URI Injection wget Attempt - FireEye (IP=135,CN) 112.31.240.239 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=239,CN) 112.31.240.45 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=45,CN) 112.31.247.104 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=104,CN) 112.31.82.160 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=160,CN) 112.31.87.98 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=98,CN) 112.4.114.151 24 EE None 2021-02-27 00:00:00 2021-05-27 00:00:00 None SSH2 Failed Login Attempt - 6 HR Failed Logons (IP=151,CN) 112.51.25.180 24 RR None 2021-04-15 00:00:00 2021-07-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=180,CN) 112.53.100.233 24 RR None 2021-05-02 00:00:00 2021-08-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=233,CN) | updated by ZH Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack Report (IP=233,CN) HTTP: PHPUnit Remote Code Execut 112.53.100.233 24 ZH None 2021-06-01 00:00:00 2021-08-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=233,CN) | updated by ZH Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack Report (IP=233,CN) HTTP: PHPUnit Remote Code Execut 112.53.227.57 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=57,CN) 112.53.227.66 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=66,CN) 112.72.88.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 112.74.91.108 32 NAB None 2020-10-28 00:00:00 
2021-01-26 00:00:00 None HIVE Case #4192 COLS-NA-TIP-20-0322 (IP=108,CN)
112.78.112.150 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None JP TO-S-2020-0535 Malicious Email Activity
112.78.40.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity
112.80.117.247 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=247,CN)
112.80.127.91 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=91,CN)
112.80.215.101 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=101,CN)
112.80.39.82 24 RB None 2021-03-11 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=82,CN) | updated by DT Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=82,CN)
112.82.224.139 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=139,CN)
112.82.238.10 24 WR None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Sourcefire Report (IP=10,CN)
112.83.118.203 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=203,CN)
112.86.167.192 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=192,CN)
112.86.76.27 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=27,CN)
112.87.107.65 24 GM None 2020-11-20 00:00:00 2021-02-20 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=65,CN)
112.91.109.103 24 RB None 2021-01-18 00:00:00 2021-04-18 00:00:00 None SSH2 Failed Login Attempt - 6hr failed logons (IP=103,CN)
112.91.215.218 24 alj None 2018-11-27 06:00:00 2021-03-29 00:00:00 None FIREEYE Web: Malware Callback | updated by RR Block was inactive. Reactivated on 20201229 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=218,CN)
112.93.29.211 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=211,CN)
112.94.102.99 24 GM None 2021-01-12 00:00:00 2021-04-12 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=99,CN)
112.94.96.120 24 GM None 2021-01-26 00:00:00 2021-04-26 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=120,CN)
112.94.96.142 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=142,CN)
112.94.96.63 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=63,CN)
112.94.97.130 24 KH None 2021-08-23 00:00:00 2021-11-21 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=130,CN)
112.94.97.71 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None Palo Alto Suspicious Scan Activity (IP=71,CN)
112.94.98.14 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=14,CN)
112.94.98.223 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=223,CN)
112.94.99.189 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=189,CN)
112.94.99.90 24 GM None 2021-02-04 00:00:00 2021-05-04 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=90,CN)
112.95.80.34 32 wmp None 2021-04-20 00:00:00 2021-07-20 00:00:00 None Palo Alto Suspicious Scan Activity (IP=34,CN)
113.100.140.178 24 KD None 2021-06-14 00:00:00 2021-09-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=178,CN)
113.101.160.211 32 srm None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Firepower Suspicious Scan Activity (IP=211,CN)
113.102.37.135 24 GM None 2021-01-26 00:00:00 2021-04-26 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=135,CN)
113.11.251.241 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None SG TO-S-2020-0838 Malicious Email Activity
113.11.254.216 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None SG TO-S-2020-0838 Malicious Email Activity
113.113.99.221 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=221,CN)
113.116.130.61 24 FT None 2020-10-05 00:00:00 2021-01-05 00:00:00 None SQL HTTP URI blind injection attempt - SourceFire (IP=61,GB)
113.116.53.178 24 GM None 2021-04-14 00:00:00 2021-07-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=178,CN)
113.116.54.174 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=174,CN)
113.118.11.106 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=106,CN)
113.118.121.79 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=79,CN)
113.118.200.176 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=176,CN)
113.118.203.246 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=246,CN)
113.118.79.255 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=255,CN)
113.12.188.94 24 KH None 2021-07-07 00:00:00 2021-10-05 00:00:00 None SSH User Authentication Brute Force Attempt - 6 hr Failed Logons (IP=94,CN)
113.125.84.227 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=227,CN)
113.131.125.135 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
113.131.177.217 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
113.131.183.2 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
113.131.183.3 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
113.131.200.2 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
113.131.201.11 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
113.131.201.6 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malicious Web Application Activity
113.141.165.219 24 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=219,CN)
113.141.165.219 24 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None Hello Peppa Scan - Fireeye IPS (IP=219,CN)
113.141.165.219 24 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=219,CN)
113.161.0.156 24 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=156,VN)
113.161.6.152 24 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=152,VN)
113.162.13.244 24 AR None 2021-08-30 00:00:00 2021-11-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=244,VN)
113.162.244.132 24 DT None 2021-08-26 00:00:00 2021-11-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=132,VN)
113.162.91.221 24 UA None 2021-08-09 00:00:00 2021-11-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=221,VN)
113.168.68.87 24 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=87,VN)
113.179.255.154 24 CR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=154,VN)
113.193.178.0 24 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None IN TO-S-2020-0750 Malicious Email Activity
113.193.191.116 24 CR None 2020-12-30 00:00:00 2021-04-01 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=116,IN)
113.195.171.151 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=151,CN)
113.195.207.146 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=146,CN)
113.199.16.19 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
113.20.17.112 24 RR None 2021-03-26 00:00:00 2021-06-25 00:00:00 None MALICIOUS.URL (IP=112,IN)
113.20.29.29 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=29,ID)
113.203.250.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None PK TO-S-2021-0876 Hive Case 4166 Malware Activity
113.205.38.66 24 RR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=66,CN)
113.21.229.225 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None BD TO-S-2020-0236 Malicious Email Activity
113.21.64.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity
113.21.96.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,NC)
113.211.11.90 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=90,MY)
113.22.0.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
113.22.112.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
113.22.192.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
113.22.240.31 24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=31,VN)
113.22.82.42 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
113.220.112.115 24 GM None 2020-10-31 00:00:00 2021-01-31 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=115,CN)
113.225.0.210 24 ZH None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SSH User Authentication Brute Force Attempt - 6 hr Failed Logons (IP=210,CN)
113.226.42.250 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=250,CN)
113.226.42.250 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=250,CN)
113.227.138.230 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=230,CN)
113.227.194.172 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=172,CN)
113.23.103.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None VN TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
113.23.109.81 24 RR None 2021-06-11 00:00:00 2021-09-09 00:00:00 None SERVER-WEBAPP Oracle Business Intelligence and XML Publisher XML external entity injection attempt - Web Attacks (IP=81,VN)
113.23.11.32 24 RB None 2021-06-20 00:00:00 2021-09-18 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr failed logons (IP=32,VN)
113.23.16.95 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unaffiliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unaffiliated TO-S-2020-0559.01 Malicious Email Activity
113.23.255.179 24 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=179,MY)
113.23.255.185 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=185,MY)
113.23.27.179 24 KH None 2021-09-05 00:00:00 2021-12-04 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - Sourcefire (IP=179,VN)
113.23.32.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN)
113.232.156.157 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=157,CN)
113.235.116.209 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=209,CN)
113.246.131.79 24 GM None 2020-12-27 00:00:00 2021-03-27 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=79,CN)
113.246.27.181 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=181,CN)
113.246.31.88 24 SW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=88,CN)
113.247.178.74 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=74,CN)
113.254.216.178 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=178,HK)
113.31.113.238 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=238,CN)
113.31.117.253 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=253,CN)
113.52.116.188 24 RW None 2020-11-19 00:00:00 2021-02-19 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=188,MO)
113.52.132.0 22 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None HK TO-S-2020-0698 Malicious Email Activity
113.52.40.133 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=133,VN)
113.53.125.33 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=33,TH)
113.53.230.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity
113.53.231.198 32 KF None 2019-12-29 00:00:00 2021-01-19 00:00:00 None Immediate Inbound Network Block - TT# 20C01272 (IP=198,US) | updated by FT Block was inactive. Reactivated on 20201019 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00149 (IP=229,TH)
113.53.25.176 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TH TO-S-2020-0303 Malicious Email Activity
113.53.6.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,TH)
113.53.82.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,TH)
113.59.151.110 24 GM None 2020-11-01 00:00:00 2021-02-01 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=110,KR)
113.59.156.243 24 GM None 2021-01-12 00:00:00 2021-04-12 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=243,KR)
113.61.197.23 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=23,TW)
113.65.23.98 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=98,CN)
113.73.75.31 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=31,CN)
113.73.75.31 24 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=31,CN)
113.89.245.102 24 EE None 2020-12-07 00:00:00 2021-03-07 00:00:00 None FTPP_FTP_RESPONSE_LENGTH_OVERFLOW - SourceFire (IP=102,CN)
113.89.42.64 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=64,CN)
113.90.176.55 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=55,CN)
113.90.186.165 24 KH None 2021-07-19 00:00:00 2021-10-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 hr Web Attacks (IP=165,CN)
113.90.246.180 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=180,CN)
113.91.160.177 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=177,CN)
114.108.214.123 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
114.109.179.60 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None TH TO-S-2021-0876 Hive Case 4166 Malware Activity
114.113.145.25 24 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=25,CN)
114.113.238.11 24 RR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=11,CN)
114.113.238.6 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=6,CN)
114.113.238.7 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=7,CN)
114.115.133.131 24 SW None 2021-08-25 00:00:00 2021-11-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=131,CN)
114.115.152.170 24 AR None 2021-07-11 00:00:00 2021-10-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 Hr Web Attack (IP=170,CN)
114.115.169.158 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=158,CN)
114.115.208.175 24 AR None 2021-09-10 00:00:00 2021-12-09 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=175,CN)
114.115.216.212 24 SW None 2021-08-10 00:00:00 2021-11-08 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=212,CN)
114.115.251.26 24 DT None 2021-03-08 00:00:00 2021-06-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=26,CN)
114.116.196.226 24 BMP None 2021-06-08 00:00:00 2021-09-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=226,CN) | updated by BMP Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=226,CN)
114.116.198.143 24 RR None 2021-06-05 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=143,CN)
114.116.214.135 24 FT None 2020-10-18 00:00:00 2021-01-18 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Web Attacks (IP=135,CN)
114.116.225.199 24 CR None 2021-05-18 00:00:00 2021-08-16 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - Web Attacks (IP=199,CN)
114.116.233.139 24 BB None 2021-07-25 00:00:00 2021-10-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=139,CN)
114.116.250.76 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=76,CN)
114.116.40.246 24 RR None 2021-09-13 00:00:00 2021-12-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=246,CN)
114.116.72.153 24 UA None 2021-08-15 00:00:00 2021-11-13 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=153,CN)
114.119.129.190 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=190,HK)
114.119.130.125 16 wmp None 2021-06-09 00:00:00 2021-09-07 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=125,SG)
114.119.131.203 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=203,HK)
114.119.145.126 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=126,SG)
114.127.245.7 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case #4493 Unknown Malicious Activity
114.134.184.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
114.134.184.10 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KH TO-S-2020-0331 Malicious Web Application Activity
114.134.88.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BD TO-S-2020-0298 Malicious Email Activity
114.142.158.62 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None HK TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
114.142.168.0 21 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None ID TO-S-2021-1007 Malware Activity
114.142.204.253 24 RR None 2021-06-05 00:00:00 2021-09-03 00:00:00 None SERVER-OTHER Cisco IOS invalid IKE fragment length memory corruption or exhaustion attempt - SourceFire (IP=253,GU)
114.143.112.0 20 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None IN TO-S-2021-0949 Hive Case 4363 Malware Activity
114.143.139.174 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=174,IN)
114.143.139.174 24 BMP None 2021-05-10 00:00:00 2021-08-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=174,IN)
114.143.26.50 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=50,IN)
114.170.81.200 32 wmp None 2021-04-15 00:00:00 2021-07-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=200,JP)
114.199.26.87 24 KD None 2021-06-03 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Source Fire (IP=87,KR)
114.224.131.197 24 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=197,CN)
114.226.130.130 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt
114.226.58.139 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - Web Attacks (IP=139,CN)
114.226.62.140 32 srm None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Firepower Suspicious Scan Activity (IP=140,CN)
114.228.242.109 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=109,CN)
114.236.65.180 24 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=180,AU)
114.24.77.65 24 EE None 2020-12-23 00:00:00 2021-03-23 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=65,TW)
114.246.34.33 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=33,CN)
114.247.39.56 24 BMP None 2021-05-26 00:00:00 2021-08-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=56,CN)
114.250.91.107 24 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None SSH User Authentication Brute Force Attempt - 6HR Failed Logon (IP=107,CN)
114.251.180.162 24 RT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SOURCEFIRE REPORT (IP=162,CN)
114.251.211.16 24 DT None 2021-03-22 00:00:00 2021-06-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=16,CN)
114.255.222.98 24 WR None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Sourcefire Report (IP=98,CN)
114.255.249.181 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=181,CN)
114.30.72.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity
114.31.156.71 24 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt - SourceFire (IP=71,IN)
114.31.159.13 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None Nuclei Vulnerability Scanner - Fireeye IPS (IP=13,ID)
114.31.5.46 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BD TO-S-2020-0331 Malicious Web Application Activity
114.31.50.130 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KR TO-S-2020-0298 Malicious Email Activity
114.32.176.137 24 AR None 2021-09-11 00:00:00 2021-12-10 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6Hr Failed Logons (IP=137,TW)
114.32.202.93 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=93,TW)
114.32.52.215 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=215,TW)
114.32.67.185 24 WR None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=185,TW)
114.33.116.171 24 SW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Source Fire (IP=171,TW)
114.34.90.190 24 RB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=190,TW)
114.35.127.89 24 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Source Fire (IP=89,TW)
114.35.127.89 24 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=89,TW)
114.35.179.55 24 RB None 2020-11-02 00:00:00 2021-01-31 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Sourcefire (IP=55,TW)
114.35.223.18 24 RR None 2020-11-03 00:00:00 2021-02-01 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=18,TW)
114.35.92.134 24 DT None 2021-06-21 00:00:00 2021-09-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Source Fire (IP=134,TW)
114.36.208.19 24 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=19,TW)
114.38.14.174 24 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=174,CN)
114.38.149.152 24 JKC None 2020-04-13 00:00:00 2021-04-13 00:00:00 None CTR-20-0628 MALWARE CAMPAIGN HIVE CASE #2510 (IP=152,TW)
114.38.240.175 32 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C00919 (IP=175,US)
114.39.104.107 24 WR None 2021-08-18 00:00:00 2021-11-16 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=107,TW)
114.42.1.156 24 KD None 2021-06-03 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Source Fire (IP=156,TW)
114.5.108.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malware Activity
114.5.209.210 24 KD None 2021-08-24 00:00:00 2021-11-22 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=210,ID)
114.5.212.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ID)
114.5.98.54 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity
114.55.100.17 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=17,CN)
114.55.114.117 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=117,CN)
114.55.126.6 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=6,CN)
114.55.142.109 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=109,CN)
114.55.164.60 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=60,CN)
114.55.168.61 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=61,CN)
114.55.209.25 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=25,CN)
114.55.210.28 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=28,CN)
114.55.252.37 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=37,CN)
114.55.254.6 24 FT None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=6,CN)
114.6.60.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
114.67.113.143 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=143,CN)
114.67.125.228 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=228,CN)
114.67.125.228 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=228,CN)
114.67.22.128 24 RR None 2021-05-19 00:00:00 2021-08-17 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=128,CN)
114.67.22.144 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=144,CN)
114.69.224.0 19 TLM None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,IN)
114.69.227.26 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity
114.69.233.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
114.69.32.65 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=65,JP)
114.7.131.90 24 BMP None 2021-05-27 00:00:00 2021-08-25 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=90,ID)
114.7.163.86 24 KD None 2021-06-02 00:00:00 2021-09-03 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=86,ID)
114.79.145.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN)
114.79.151.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
114.79.160.0 24 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None IN TO-S-2021-0941 Hive Case 4361 Malware Activity
114.80.232.12 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=12,CN)
114.95.236.173 24 ZH None 2021-08-28 00:00:00 2021-11-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 21C01626 (IP=173,CN)
114.96.16.180 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=180,CN)
114.96.17.184 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=184,CN)
114.96.18.196 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=196,CN)
114.96.19.130 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=130,CN)
114.96.66.24 24 RB None 2021-04-07 00:00:00 2021-07-06 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=24,CN)
115.112.49.62 24 GM None 2020-10-25 00:00:00 2021-01-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=62,IN)
115.124.127.0 24 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None IN TO-S-2020-0838 Malicious Email Activity
115.124.66.13 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity
115.124.72.194 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity
115.124.76.130 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity
115.124.86.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
115.124.86.154 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity
115.133.18.31 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MY TO-S-2020-0298 Malicious Email Activity
115.133.220.155 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MY TO-S-2020-0331 Malicious Web Application Activity
115.133.23.73 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
115.134.116.18 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MY TO-S-2020-0298 Malicious Email Activity
115.134.36.89 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
115.135.107.151 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
115.135.7.118 24 EE None 2021-04-12 00:00:00 2021-07-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=118,MY)
115.164.113.169 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=169,MY)
115.165.216.112 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=112,TW)
115.165.224.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
115.166.140.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity
115.167.67.213 24 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=213,PK)
115.178.24.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KH TO-S-2020-0331 Malicious Web Application Activity
115.178.48.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity
115.178.96.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity
115.179.102.19 24 RW None 2021-04-21 00:00:00 2021-07-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=19,JP)
115.186.138.47 24 BMP None 2021-02-03 00:00:00 2021-05-03 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=47,PK)
115.186.175.47 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=47,PK)
115.186.183.188 24 GM None 2021-04-23 00:00:00 2021-07-23 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=188,US)
115.192.151.181 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=181,CN)
115.193.84.226 24 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=226,CN)
115.194.117.33 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=33,CN)
115.194.118.203 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=203,CN)
115.197.242.119 24 EE None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=119,CN)
115.204.112.35 24 DT None 2021-06-21 00:00:00 2021-09-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=35,CN)
115.217.242.205 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=205,CN)
115.217.243.49 24 RW None 2021-03-06 00:00:00 2021-06-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=49,CN)
115.220.10.189 32 FT None 2020-10-09 00:00:00 2021-01-09 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability
115.23.251.222 24 BMP None 2021-01-19 00:00:00 2021-04-19 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=222,KR)
115.236.92.218 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=218,CN)
115.242.206.74 24 BMP None 2021-01-08 00:00:00 2021-04-08 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=74,IN)
115.242.219.202 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=202,IN)
115.254.39.21 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Email Activity
115.37.62.194 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None JP TO-S-2020-0331 Malicious Web Application Activity
115.42.47.36 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=36,IN)
115.46.151.206 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan Activity (IP=206,CN)
115.48.215.121 24 FT None 2020-10-19 00:00:00 2021-01-19 00:00:00 None SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt (1:55778:1) - SourceFire (IP=121,CN)
115.48.5.221 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=221,CN)
115.49.212.72 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=72,CN)
115.49.46.97 24 GM None 2020-10-31 00:00:00 2021-01-31 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=97,CN)
115.49.63.27 24 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=27,CN)
115.50.1.208 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=208,CN)
115.50.220.126 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=126,CN)
115.50.229.220 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan Activity (IP=220,CN)
115.50.237.219 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=219,CN)
115.50.66.202 24 GM None 2020-11-22 00:00:00 2021-02-22 00:00:00 None Generic URI Injection wget Attempt - FireEye (IP=202,CN)
115.50.68.231 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=231,CN)
115.51.124.1 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=1,CN)
115.51.127.212 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=212,CN)
115.51.4.99 24 WR None 2021-05-19 00:00:00 2021-08-17 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=99,CN)
115.52.245.47 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=47,CN)
115.54.230.138 32 wmp None 2021-04-29 00:00:00 2021-07-29 00:00:00 None Palo Alto Suspicious Scan Activity (IP=138,CN)
115.54.242.11 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=11,CN)
115.54.253.208 32 wmp None 2021-06-02 00:00:00 2021-09-02 00:00:00 None Palo Alto Suspicious Scan Activity (IP=208,CN)
115.55.146.54 24 GM None 2021-02-04 00:00:00 2021-05-04 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=54,CN)
115.55.153.136 32 srm None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Firepower Suspicious Scan Activity (IP=136,CN)
115.55.185.203 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt
115.55.29.236 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=236,CN)
115.55.4.49 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=49,CN)
115.55.8.7 32 srm None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Firepower Suspicious Scan Activity (IP=7,CN)
115.56.115.248 24 RB None 2021-04-08 00:00:00 2021-09-11 00:00:00 None SSH2 Failed Login Attempt - 6hr failed logons (IP=248,CN) | updated by RB Block expiration extended with reason SSH2 Failed Login Attempt - 6hr failed logons (IP=248,CN)
115.56.115.248 24 RB None 2021-06-13 00:00:00 2021-09-11 00:00:00 None SSH2 Failed Login Attempt - 6hr failed logons (IP=248,CN) | updated by RB Block expiration extended with reason SSH2 Failed Login Attempt - 6hr failed logons (IP=248,CN)
115.56.133.96 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=96,CN)
115.56.144.96 32 wmp
None 2021-05-11 00:00:00 2021-08-11 00:00:00 None Palo Alto Suspicious Scan Activity (IP=96,CN) 115.56.151.68 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=68,CN) 115.56.152.230 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - Web Attacks (IP=230,CN) 115.56.177.61 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=61,CN) 115.56.185.32 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None Palo Alto Suspicious Scan Activity (IP=32,CN) 115.56.26.83 24 GM None 2020-11-05 00:00:00 2021-02-05 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=83,CN) 115.56.99.195 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=195,CN) 115.59.15.132 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=132,CN) 115.59.165.63 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=63,CN) 115.59.234.204 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=204,CN) 115.59.54.165 32 wmp None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Palo Alto Suspicious Scan Activity (IP=165,CN) 115.60.198.5 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web attacks (IP=5,CN) 115.61.106.12 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=12,CN) 115.61.113.86 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=86,CN) 115.61.185.122 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=122,CN) 115.63.165.145 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS 
(IP=145,CN) 115.66.180.80 24 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Suspicious Telerik UI Request - IPS Events (IP=80,AU) 115.68.187.140 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None KR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 115.68.59.90 24 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None BROWSER-PLUGINS Microsoft Windows Scripting Host Shell ActiveX function call access (1:8068:17) - SourceFire (IP=90,KR) 115.73.216.65 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None VN TO-S-2020-0331 Malicious Web Application Activity 115.73.248.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 115.73.3.105 24 SW None 2021-07-24 00:00:00 2021-10-22 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=105,VN) 115.74.104.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 115.74.192.0 20 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None VN TO-S-2021-1007 Unknown Malicious Activity 115.75.240.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None VN TO-S-2020-0298 Malicious Email Activity 115.75.64.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None VN TO-S-2020-0298 Malicious Email Activity 115.76.176.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 115.77.112.0 21 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 115.77.119.17 24 EE None 2021-04-07 00:00:00 2021-07-06 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=17,VN) 115.77.48.0 21 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,VN) 115.77.56.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance 
Activity 115.78.0.0 20 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None VN TO-S-2021-0876 Hive Case 4166 Malware Activity 115.78.224.0 20 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,VN) 115.79.128.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None VN TO-S-2020-0298 Malicious Email Activity 115.79.192.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN) 115.79.192.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None VN Hive Case 4237 TO-S-2021-0910 Malware Activity 115.79.233.203 32 wmp None 2021-01-27 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=203,VN) | updated by srm Block expiration extended with reason Firepower Suspicious Scan Activity (IP=203,VN) 115.79.32.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN) 115.79.4.151 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 115.79.64.0 20 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None VN TO-S-2021-0949 Hive Case 4363 Malware Activity 115.79.91.80 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=80,VN) 115.84.114.54 24 RB None 2021-03-02 00:00:00 2021-05-31 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=54,LA) 115.84.176.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN) 115.84.224.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,PH) 115.85.16.198 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PH TO-S-2020-0298 Malicious Email Activity 115.86.216.16 24 WR None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=16,KR) 115.87.194.52 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 
Malicious Web Application Activity 115.87.244.81 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TH TO-S-2020-0298 Malicious Email Activity 115.88.113.121 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=121,KR) 115.88.91.90 24 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3)-Source Fire (IP=90,KR) 115.93.207.110 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CN TO-S-2020-0303 Malicious Email Activity 115.96.119.241 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=241,IN) 115.96.132.196 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=196,IN) 115.96.144.91 24 FT None 2020-10-19 00:00:00 2021-01-19 00:00:00 None APP-DETECT SSH server detected on non-standard port (1:13586:5) - SourceFire (IP=91,IN) 115.96.253.148 24 EE None 2021-01-21 00:00:00 2021-04-22 00:00:00 None SERVER-WEBAPP Cisco ASA directory traversal attempt - 6 HR Web Attack (IP=148,IN) 115.96.77.44 24 RW None 2021-02-27 00:00:00 2021-06-16 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - Sourcefire (IP=44,IN) | updated by RB Block expiration extended with reason SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt - 6hr web attacks (IP=44,IN) 115.99.142.72 24 FT None 2020-10-05 00:00:00 2021-01-05 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - SourceFire (IP=137,IN) 115.99.230.250 24 BMP None 2021-01-21 00:00:00 2021-04-21 00:00:00 None Nuclei Vulnerability Scanner - FireEye CMS (IP=250,IN) 115.99.243.67 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IN TO-S-2020-0535 Malicious Email Activity 115.99.247.195 24 JKC None 2020-04-13 00:00:00 2021-04-13 00:00:00 None CTR-20-0629 MALWARE CAMPAIGN HIVE CASE #2512 (IP=195, IN) 115.99.247.195 32 dbc None 2020-06-10 00:00:00 2021-06-10 
00:00:00 None IN TO-S-2020-0601 Malware Activity 116.0.20.55 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None AU TO-S-2020-0228 Malicious Email Activity 116.0.21.14 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=14,AU) 116.101.40.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 116.103.96.206 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None VN TO-S-2020-0331 Malicious Web Application Activity 116.104.192.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malware Activity 116.105.157.31 24 RR None 2021-02-26 00:00:00 2021-05-27 00:00:00 None FTP Login Failed - Failed Logons (IP=31,VN) 116.105.174.111 24 CR None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=111,VN) 116.106.125.249 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None VN TO-S-2020-0331 Malicious Web Application Activity 116.106.152.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 116.106.88.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 116.108.8.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 116.110.122.239 24 ZH None 2021-08-29 00:00:00 2021-11-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed logons (IP=239,VN) 116.110.13.254 32 BMP None 2021-06-09 00:00:00 2021-09-07 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01277 (IP=254,VN) 116.110.148.161 24 BMP None 2021-09-09 00:00:00 2021-12-08 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=161, VN) 116.110.201.222 24 RB None 2021-01-18 00:00:00 2021-04-18 00:00:00 None INDICATOR-SCAN 
SSH brute force login attempt - Sourcefire (IP=222,VN) 116.110.215.94 24 RR None 2021-07-27 00:00:00 2021-10-25 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=94,VN) 116.110.248.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 116.110.41.19 24 RB None 2021-09-01 00:00:00 2021-11-30 00:00:00 None FILE-OTHER ExifTool DjVu metadata command injection injection attempt - Sourcefire (IP=19,VN) 116.110.68.228 32 RR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01137 (IP=228,VN) 116.110.9.248 32 EE None 2021-04-15 00:00:00 2021-07-14 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01015 (IP=74,VN) 116.12.200.194 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=194,SG) 116.12.55.127 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None SG TO-S-2020-0331 Malicious Email Activity 116.12.55.214 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None SG TO-S-2020-0315 Malicious Web Application Activity 116.193.130.9 24 BB None 2021-07-26 00:00:00 2021-10-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logon (IP=9,IN) 116.193.216.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,BD) 116.196.117.213 24 KH None 2021-07-26 00:00:00 2021-10-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=213,CN) 116.196.124.172 24 RR None 2020-10-22 00:00:00 2021-01-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=172,CN) 116.196.88.88 24 DT None 2021-02-10 00:00:00 2021-05-10 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=88,CN) 116.198.207.33 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=33,CN) 116.2.35.140 32 wmp None 
2021-04-29 00:00:00 2021-07-29 00:00:00 None Palo Alto Suspicious Scan Activity (IP=140,CN) 116.202.171.151 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 116.202.196.141 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 116.202.234.171 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=171,DE) 116.202.234.183 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malware Activity 116.202.82.235 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=235,DE) 116.203.19.38 24 SW None 2021-09-13 00:00:00 2021-12-12 00:00:00 None ColdFusion Error Reporting TT# 21C01837 (IP=38,DE) 116.203.244.229 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 116.203.32.252 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malware Activity 116.203.50.115 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None DE TO-S-2020-0228 Malicious Email Activity 116.204.171.26 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=26,CN) 116.204.181.48 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=48,TH) 116.206.105.47 32 NAB None 2021-03-08 00:00:00 2021-06-06 00:00:00 None HIVE Case #5021 TO-S-2021-1116 COLS-NA-TIP-21-0047 (IP=47,SC) 116.206.196.0 23 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ID) 116.206.212.0 22 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None ID TO-S-2020-0838 Malware Activity 116.206.213.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ID) 116.206.8.0 24 
jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case # 4493 Malware Activity 116.206.92.115 24 BMP None 2021-08-13 00:00:00 2021-11-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=115,CN) 116.207.70.52 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=52,CN) 116.212.128.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 116.213.41.92 24 BMP None 2021-03-25 00:00:00 2021-06-25 00:00:00 None FE_Webshell_PHP_Generic_3.FEC2 - Hive case 5093 (IP=92,HK) 116.213.43.216 24 RB None 2020-10-13 00:00:00 2021-01-11 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=216,HK) 116.227.169.82 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=82,CN) 116.227.174.19 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=19,CN) 116.228.149.26 24 FT None 2021-04-13 00:00:00 2021-07-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=26,CN) 116.228.233.91 24 RW None 2021-03-06 00:00:00 2021-06-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=91,CN) 116.228.243.11 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=11,CN) 116.228.243.2 24 RR None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=2,CN) 116.230.118.191 32 TLM None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=191,CN) 116.236.231.244 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=244,CN) | updated by DT Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks 
(IP=244,CN) HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attack 116.236.231.244 24 GM None 2021-03-09 00:00:00 2021-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=244,CN) | updated by DT Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=244,CN) HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attack 116.236.30.222 24 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - Sourcefire (IP=222,CN) 116.237.239.42 24 BMP None 2020-12-04 00:00:00 2021-03-04 00:00:00 None SSH2 Failed Login Attempt - 6hr Web Attacks (IP=239,CN) 116.24.83.27 24 GM None 2020-10-25 00:00:00 2021-01-25 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=27,CN) 116.240.16.100 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 116.250.159.132 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AU TO-S-2020-0298 Malicious Email Activity 116.251.204.0 22 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=0,HK) 116.30.5.144 24 KD None 2021-06-03 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3)- Source Fire (IP=144,CN) 116.45.216.223 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 116.48.233.234 24 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=234,HK) 116.48.233.234 24 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=234,HK) 116.48.233.234 24 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=234,HK) 116.48.233.234 24 EE None 
2021-04-20 00:00:00 2021-07-19 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=234,HK) 116.48.233.234 24 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=234,HK) 116.48.233.234 24 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=234,HK) 116.49.90.145 24 RW None 2021-09-27 00:00:00 2021-12-26 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=145,HK) 116.50.24.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 116.50.85.155 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Email Activity 116.58.226.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TH Hive Case 4237 TO-S-2021-0910 Malware Activity 116.59.25.201 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firep0wer Suspicious Scan Activity (IP=201,TW) 116.62.13.14 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=14,CN) 116.62.136.104 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=104,CN) 116.62.140.161 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=161,CN) 116.62.15.54 32 wmp None 2021-02-18 00:00:00 2021-05-18 00:00:00 None Firepower Suspicious Scan Activity (IP=54,CN) 116.62.164.244 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=244,CN) 116.62.171.217 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=217,CN) 116.62.21.254 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=254,CN) 116.62.211.234 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=234,CN) 116.62.218.131 32 srm 
None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=131,CN) 116.62.222.62 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=62,CN) 116.62.246.132 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=132,CN) 116.62.54.83 24 RT None 2021-07-16 00:00:00 2021-10-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=83,CN) 116.62.56.56 24 RR None 2021-06-07 00:00:00 2021-09-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=56,CN) 116.62.56.56 32 wmp None 2021-05-04 00:00:00 2021-08-04 00:00:00 None Palo Alto Suspicious Scan Activity (IP=56,CN) 116.62.70.164 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=164,CN) 116.63.141.184 32 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01684 (IP=184,CN) 116.63.142.72 24 BMP None 2021-05-27 00:00:00 2021-08-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=72,CN) 116.63.144.6 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=6,CN) 116.63.158.39 24 RR None 2021-06-07 00:00:00 2021-09-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=39,CN) 116.63.163.7 24 AR None 2021-06-22 00:00:00 2021-09-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=7,CN) 116.63.164.61 24 DT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=61,CN) 116.63.171.238 24 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt 
- 6hr Web Attacks (IP=238,CN) 116.63.173.115 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=115,CN) 116.63.175.31 24 RB None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=31,CN) 116.63.34.161 24 EE None 2021-01-31 00:00:00 2021-04-30 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=161,CN) 116.63.55.211 24 DT None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=211,CN) 116.66.200.0 21 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None ID Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 116.68.110.187 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=187,IN) 116.68.111.109 24 SW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks(IP=109,IN) 116.68.111.115 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=115,IN) 116.68.85.103 32 RT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 HR Failed Logons (IP=103,IN) 116.68.85.103 24 RT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire Report (IP=103,IN) 116.68.96.118 32 srm None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Firepower Suspicious Scan Activity (IP=118,IN) 116.68.96.20 32 wmp None 2021-02-03 00:00:00 2021-05-03 00:00:00 None Firepower Suspicious Scan Activity (IP=20,IN) 116.68.96.253 32 wmp None 2021-04-27 00:00:00 2021-07-27 00:00:00 None Palo Alto Suspicious Scan Activity (IP=253,IN) 116.68.97.177 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=177,IN) 116.68.97.181 32 wmp 
None 2021-02-03 00:00:00 2021-05-03 00:00:00 None Firepower Suspicious Scan Activity (IP=181,IN) 116.68.97.204 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=204,IN) 116.68.97.228 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=228,IN) 116.68.97.251 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=251,IN) 116.68.98.126 32 wmp None 2021-02-03 00:00:00 2021-05-03 00:00:00 None Firepower Suspicious Scan Activity (IP=126,IN) 116.68.98.204 24 GM None 2021-02-12 00:00:00 2021-05-12 00:00:00 None Generic URI Injection wget Attempt - FireEyeCMS (IP=204,IN) 116.68.99.131 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=131,IN) 116.68.99.152 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=152,IN) 116.68.99.171 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=171,IN) 116.68.99.180 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=180,IN) 116.68.99.2 32 wmp None 2021-02-03 00:00:00 2021-05-03 00:00:00 None Firepower Suspicious Scan Activity (IP=2,IN) 116.68.99.211 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=211,IN) 116.68.99.237 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=237,IN) 116.72.202.44 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=44,IN) 116.72.82.83 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity 116.73.208.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 116.73.76.212 24 GM None 2020-11-12 00:00:00 2021-02-12 00:00:00 None FTP Login Failed - Failed Logons 
(IP=212,IN)
116.74.17.227 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=227,IN)
116.75.194.243 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=243,IN)
116.75.194.247 32 wmp None 2021-04-27 00:00:00 2021-07-27 00:00:00 None Palo Alto Suspicious Scan Activity (IP=247,IN)
116.75.198.192 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=192,IN)
116.75.199.126 32 srm None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Firepower Suspicious Scan Activity (IP=126,IN)
116.75.199.220 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=220,IN)
116.75.212.93 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=93,IN)
116.75.213.144 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=144,IN)
116.75.213.250 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=250,IN)
116.75.215.183 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=183,IN)
116.85.13.5 24 EE None 2021-01-26 00:00:00 2021-04-27 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 HR Web Attacks (IP=5,CN) | updated by RB Block expiration extended with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=5,TR)
116.85.44.231 24 GM None 2021-01-29 00:00:00 2021-04-29 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=231,CN)
116.85.70.114 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=114,CN)
116.89.240.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,CN)
116.89.242.0 24 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None CN TO-S-2020-0838 Malicious Email Activity
116.89.249.217 24 FT None 2020-10-25 00:00:00 2021-01-25 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=217,HK)
116.90.122.66 24 SW None 2021-05-20 00:00:00 2021-08-19 00:00:00 None FTP Login Failed - 6 Hour Failed Logons (IP=66,PK)
116.90.60.68 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None AU TO-S-2021-1007 Malicious Email Activity
116.92.219.202 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None HK TO-S-2020-0298 Malicious Email Activity
116.92.224.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None HK TO-S-2020-0298 Malicious Email Activity
116.96.73.136 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=136,VN)
116.97.130.245 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
116.97.29.89 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None VN TO-S-2020-0331 Malicious Web Application Activity
116.97.52.234 24 DT None 2021-09-11 00:00:00 2021-12-10 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=234,VN)
116.97.64.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN)
116.98.160.0 19 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None VN TO-S-2020-0750 Malicious Email Activity
116.98.48.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
117.1.174.39 24 RR None 2021-05-28 00:00:00 2021-08-26 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=39,VN)
117.10.38.137 32 wmp None 2021-05-28 00:00:00 2021-08-28 00:00:00 None Palo Alto Suspicious Scan Activity (IP=137,CN)
117.102.51.46 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None PK TO-S-2020-0601 Malware Activity
117.103.80.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BD TO-S-2020-0331 Malicious Web Application Activity
117.11.195.177 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=177,CN)
117.11.234.35 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=35,CN)
117.111.1.52 32 wmp None 2021-06-29 00:00:00 2021-09-29 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=52,KR)
117.111.1.82 24 RW None 2021-03-24 00:00:00 2021-06-25 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 hr failed logons (IP=82,KR) | updated by RW Block expiration extended with reason INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=82,KR)
117.123.83.48 24 DT None 2020-10-28 00:00:00 2021-01-26 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=48,US)
117.131.199.100 24 DT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=100,CN)
117.131.199.100 32 RB None 2021-09-03 00:00:00 2021-12-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 21C01748 (IP=100,CN)
117.139.169.7 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=7,CN)
117.14.147.1 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=1,CN)
117.156.69.22 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=22,CN)
117.157.24.3 24 DT None 2021-02-04 00:00:00 2021-05-04 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=3,CN)
117.157.80.47 24 DT None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=47,CN)
117.16.43.120 24 GM None 2021-04-03 00:00:00 2021-07-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=120,KR)
117.172.119.2 24 DT None 2020-12-29 00:00:00 2021-03-29 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=2,CN)
117.18.108.132 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None SERVER-WEBAPP Oracle WebLogic Server command injection attempt - Web Attacks (IP=132,HK)
117.18.108.84 24 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - Sourcefire (IP=84,HK)
117.18.114.47 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
117.18.228.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,MM)
117.18.4.0 24 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None HK TO-S-2020-0750 Malicious Email Activity
117.186.223.126 24 WR None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=126,CN)
117.187.32.193 24 ZH None 2021-09-02 00:00:00 2021-12-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - IR# 21C01741 (IP=193,CN)
117.187.32.197 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=197,CN)
117.187.32.197 24 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,CN)
117.189.6.48 24 RR None 2021-03-06 00:00:00 2021-06-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=48,CN)
117.189.8.17 24 BMP None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=17,CN)
117.192.224.54 24 GM None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=54,IN)
117.192.225.112 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=112,IN)
117.192.225.112 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=112,IN)
117.192.225.112 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=112,IN)
117.192.225.24 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=24,IN)
117.192.226.219 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=219,IN)
117.192.227.173 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=173,IN)
117.192.37.197 24 AR None 2021-07-08 00:00:00 2021-10-06 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 HR WEB ATTACK (IP=197,IN)
117.194.160.169 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=169,IN)
117.194.160.57 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=57,IN)
117.194.163.156 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=156,IN)
117.194.164.203 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=203,IN)
117.194.165.19 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=19,IN)
117.194.165.239 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=239,IN)
117.194.165.245 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (1:46624:2) - Sourcefire (IP=245,IN)
117.194.165.68 32 wmp None 2021-04-22 00:00:00 2021-07-22 00:00:00 None Palo Alto Suspicious Scan Activity (IP=68,IN)
117.194.7.213 24 RR None 2021-06-07 00:00:00 2021-09-05 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logns (IP=213,IN)
117.196.51.87 24 GM None 2020-11-21 00:00:00 2021-02-21 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=87,IN)
117.198.247.169 24 SW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks(IP=169,IN)
117.198.247.169 24 SW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks(IP=169,IN)
117.2.76.233 24 RR None 2021-05-28 00:00:00 2021-08-26 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=233,VN)
117.201.193.102 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=102,IN)
117.201.198.174 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=174,IN)
117.201.203.245 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=245,IN)
117.201.203.77 32 wmp None 2021-05-11 00:00:00 2021-08-11 00:00:00 None Palo Alto Suspicious Scan Activity (IP=77,IN)
117.201.206.229 24 RR None 2021-05-12 00:00:00 2021-08-10 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=229,IN)
117.202.66.27 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=27,IN)
117.202.67.237 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=237,IN)
117.202.68.205 24 GM None 2021-01-26 00:00:00 2021-04-26 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=205,IN)
117.202.69.3 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=3,IN)
117.202.70.117 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=117,IN)
117.202.71.216 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=216,IN)
117.202.78.231 24 FT None 2020-10-19 00:00:00 2021-01-19 00:00:00 None APP-DETECT SSH server detected on non-standard port (1:13586:5) - SourceFire (IP=91,IN)
117.208.132.40 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=40,IN)
117.208.133.132 24 GM None 2021-02-12 00:00:00 2021-05-12 00:00:00 None Generic URI Injection wget Attempt - FireEyeCMS (IP=132,IN)
117.208.135.221 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=221,IN)
117.210.212.26 24 FT None 2020-10-04 00:00:00 2021-01-04 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=26,IN)
117.211.43.228 24 EE None 2020-12-07 00:00:00 2021-03-07 00:00:00 None INDICATOR-SCAN DNS - SourceFire (IP=228,IN)
117.213.124.42 24 BB None 2021-07-26 00:00:00 2021-10-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=42,IN)
117.213.13.129 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=129,IN)
117.213.13.216 24 RW None 2021-07-18 00:00:00 2021-10-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=,IN)
117.213.15.199 32 wmp None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Palo Alto Suspicious Scan Activity (IP=199,IN)
117.213.15.44 32 srm None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Firepower Suspicious Scan Activity (IP=44,IN)
117.213.182.239 24 ZH None 2021-07-15 00:00:00 2021-10-13 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=239,IN)
117.213.40.186 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=186,IN)
117.213.40.215 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=215,IN)
117.213.41.206 24 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=206,IN)
117.213.42.6 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=6,IN)
117.213.43.191 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=191,IN)
117.213.44.224 32 wmp None 2021-04-22 00:00:00 2021-07-22 00:00:00 None Palo Alto Suspicious Scan Activity (IP=224,IN)
117.213.45.124 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=124,IN)
117.213.45.159 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=159,IN)
117.213.45.207 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=207,IN)
117.213.45.250 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=250,IN)
117.213.47.19 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=19,IN)
117.215.209.151 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None Palo Alto Suspicious Scan Activity (IP=151,IN)
117.215.251.162 32 srm None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Firepower Suspicious Scan Activity (IP=162,IN)
117.215.254.79 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=79,IN)
117.216.111.187 24 RR None 2021-05-22 00:00:00 2021-08-20 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=187,IN)
117.221.109.20 24 BMP None 2021-03-08 00:00:00 2021-06-08 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=20,IN)
117.221.176.48 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web attacks (IP=48,IN)
117.221.177.133 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=133,IN)
117.222.161.114 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=114,IN)
117.222.161.81 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=81,IN)
117.222.162.180 24 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=180,IN)
117.222.162.226 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=226,IN)
117.222.163.144 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=144,IN)
117.222.163.89 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=89,IN)
117.222.164.213 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=213,IN)
117.222.165.113 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=113,IN)
117.222.165.39 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan Activity (IP=39,IN)
117.222.165.92 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=92,IN)
117.222.166.175 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=175,IN)
117.222.168.170 24 GM None 2021-02-12 00:00:00 2021-05-12 00:00:00 None Generic URI Injection wget Attempt - FireEyeCMS (IP=170,IN)
117.222.170.106 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=106,IN)
117.222.170.60 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=60,IN)
117.222.171.128 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=128,IN)
117.222.171.97 32 wmp None 2021-04-29 00:00:00 2021-07-29 00:00:00 None Palo Alto Suspicious Scan Activity (IP=97,IN)
117.222.172.96 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=96,IN)
117.222.173.235 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=235,IN)
117.222.175.165 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=165,IN)
117.222.179.26 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=26,IN)
117.241.49.107 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=107,IN)
117.241.64.54 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=54,IN)
117.242.139.145 24 CR None 2021-06-29 00:00:00 2021-09-27 00:00:00 None ESM High Attacker Suspicious Scan Activity (IP=145,IN)
117.242.208.101 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=101,IN)
117.242.209.237 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=237,IN)
117.242.209.84 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=84,IN)
117.242.210.238 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=238,IN)
117.242.211.0 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=0,IN)
117.242.211.192 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=192,IN)
117.242.211.26 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=26,IN)
117.242.39.208 24 AR None 2021-07-28 00:00:00 2021-10-26 00:00:00 None SQL injection - 6Hr Web Attacks (IP=208,IN)
117.247.200.229 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=229,IN)
117.247.203.202 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=202,IN)
117.247.205.96 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan Activity (IP=96,IN)
117.247.207.31 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=31,IN)
117.248.164.155 24 SW None 2021-08-01 00:00:00 2021-10-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=155, IO)
117.248.168.212 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=212,IN)
117.248.249.70 24 KH None 2021-07-12 00:00:00 2021-10-10 00:00:00 None SSH2 Failed Login Attempt - 6 hr Failed Logons (IP=70,IN)
117.251.18.111 24 GM None 2020-12-08 00:00:00 2021-03-08 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=111,IN)
117.251.27.89 24 RR None 2021-04-15 00:00:00 2021-07-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=89,IN)
117.251.56.154 24 FT None 2020-11-09 00:00:00 2021-02-09 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6hr web attacks (IP=154,IN)
117.251.57.148 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=148,IN)
117.251.57.199 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=199,IN)
117.251.59.155 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=155,IN)
117.251.60.183 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=183,IN)
117.252.29.33 24 RW None 2021-01-15 00:00:00 2021-04-15 00:00:00 None SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt - 6hr web attacks (IP=33,IN)
117.254.90.97 24 EE None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - Sourcefire (IP=97,IN) | updated by RW Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=97,IN)
117.26.110.103 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=103,CN)
117.28.134.147 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=147,CN)
117.35.54.98 24 BMP None 2020-10-12 00:00:00 2021-01-12 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=98,CN)
117.44.187.203 24 RR None 2021-05-14 00:00:00 2021-08-12 00:00:00 None FTP Login Failed - Web Attacks (IP=203,CN)
117.48.234.141 24 RW None 2021-01-03 00:00:00 2021-04-03 00:00:00 None Authentication Failure - Web Attacks (IP=141,CN)
117.50.42.55 24 RR None 2020-12-18 00:00:00 2021-03-18 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=55,CN)
117.50.61.118 24 DT None 2020-07-06 00:00:00 2021-08-29 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=118,CN) | updated by UA Block was inactive. Reactivated on 20210531 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli - Exploit - Web Attacks (IP=118,CN) SERVER-WEBAPP Joom
117.50.61.118 24 RB None 2020-07-06 00:00:00 2021-08-29 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=118,CN) | updated by UA Block was inactive. Reactivated on 20210531 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli - Exploit - Web Attacks (IP=118,CN) SERVER-WEBAPP Joom
117.50.61.118 24 UA None 2021-05-31 00:00:00 2021-08-29 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=118,CN) | updated by UA Block was inactive. Reactivated on 20210531 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli - Exploit - Web Attacks (IP=118,CN) SERVER-WEBAPP Joom
117.50.61.118 24 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=118,CN)
117.50.93.75 24 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=75,CN)
117.51.137.28 24 FT None 2020-10-24 00:00:00 2021-01-21 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - 6hr Web Attacks (IP=28,CN)
117.51.142.20 24 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - Sourcefire Rpt (IP=20,CN)
117.52.173.138 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=138,KR)
117.53.45.250 24 DT None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=250,ID)
117.53.45.250 24 DT None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=250,ID)
117.54.124.236 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity
117.54.134.0 24 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=0,ID)
117.6.192.99 24 RR None 2021-05-28 00:00:00 2021-08-26 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=99,VN)
117.67.4.204 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=204,CN)
117.67.5.95 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=95,CN)
117.67.72.179 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=179,CN)
117.67.73.13 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=13,CN)
117.73.10.191 24 GM None 2021-04-03 00:00:00 2021-07-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=191,CN)
117.73.12.175 24 FT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=175,CN)
117.73.13.191 24 RR None 2021-03-04 00:00:00 2021-06-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=191,CN)
117.73.8.163 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=163,CN)
117.73.8.241 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=241,CN)
117.74.136.106 24 GM None 2020-11-27 00:00:00 2021-02-27 00:00:00 None SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt - Web Attacks (IP=106,CN)
117.78.16.59 24 BB None 2021-07-26 00:00:00 2021-10-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=59,CN)
117.78.36.108 32 KH None 2021-09-29 00:00:00 2021-12-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C02009 (IP=108,CN)
117.78.41.49 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER WEBAPP JBoss JMX console access attempt - Web Attacks (IP=49,CN)
117.80.117.149 24 FT None 2021-04-13 00:00:00 2021-07-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=149,CN)
117.89.174.70 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=70,CN)
117.94.201.17 24 UA None 2021-08-30 00:00:00 2021-11-28 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01674 (IP=17,CN)
117.97.128.178 24 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=178,IN)
117.97.144.0 20 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None IN TO-S-2020-0838 Malware Activity
118.100.195.7 24 EE None 2020-12-23 00:00:00 2021-03-23 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 HR FAILED LOGONS (IP=7,MY)
118.100.53.39 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
118.101.107.59 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
118.101.186.194 24 RB None 2021-03-09 00:00:00 2021-06-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=194,MY)
118.101.226.137 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
118.101.246.107 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=107,MY)
118.103.233.140 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
118.107.13.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,HK)
118.107.14.0 24 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None HK TO-S-2020-0838 Malicious Email Activity
118.107.14.139 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None SG TO-S-2020-0805 Malicious Email Activity
118.107.14.26 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None SG TO-S-2020-0838 Malicious Email Activity
118.107.181.193 24 RR None 2020-12-13 00:00:00 2021-03-13 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=193,HK)
118.107.60.187 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=187,SG)
118.108.153.212 24 BB None 2021-08-17 00:00:00 2021-11-15 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=212,JP)
118.122.118.189 24 RB None 2021-06-13 00:00:00 2021-09-11 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attcks (IP=189,CN) | updated by RB Block was inactive. Reactivated on 20210613 with reason Hello Peppa Scan - IPS Events (IP=189,CN) Hello Peppa Scan - IPS Events (IP=189,CN)
118.122.118.189 24 RR None 2020-11-03 00:00:00 2021-09-11 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attcks (IP=189,CN) | updated by RB Block was inactive. Reactivated on 20210613 with reason Hello Peppa Scan - IPS Events (IP=189,CN) Hello Peppa Scan - IPS Events (IP=189,CN)
118.122.118.189 24 RR None 2021-06-13 00:00:00 2021-09-11 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=189,CN)
118.122.98.172 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=172,CN)
118.126.115.222 24 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=222,CN)
118.126.115.253 32 BMP None 2020-10-11 00:00:00 2021-01-11 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00101 (IP=253,CN)
118.127.28.57 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=57,AU) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=57,AU)
118.128.193.253 24 EE None 2021-01-13 00:00:00 2021-04-13 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SOURCEFIRE (IP=253,KR)
118.143.0.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
118.150.160.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
118.150.224.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
118.151.208.0 22 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None IN TO-S-2020-0838 Malware Activity
118.161.209.66 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
118.161.81.65 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
118.163.181.98 24 JKC None 2020-04-13 00:00:00 2021-04-13 00:00:00 None CTR-20-0628 MALWARE CAMPAIGN HIVE CASE #2510 (IP=98, TW)
118.163.85.184 24 BMP None 2021-02-20 00:00:00 2021-05-20 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=184,TW)
118.166.138.56 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
118.166.25.61 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None TW TO-S-2021-0941 Hive Case 4361 Malware Activity
118.167.135.170 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=170,TW)
118.167.54.27 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=27,TW)
118.169.79.129 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
118.172.131.149 24 BMP None 2021-03-08 00:00:00 2021-06-08 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=149,TH)
118.172.172.129 24 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=129,TH)
118.172.29.180 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
118.172.54.181 24 BMP None 2021-02-28 00:00:00 2021-05-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=181,TH)
118.172.96.0 19 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TH Hive Case 4237 TO-S-2021-0910 Malware Activity
118.173.235.65 24 EE None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=65,TH) | updated by RW Block expiration extended with reason INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=65,TH)
118.173.96.0 19 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None TH TO-S-2021-0989 Hive Case # 4493 Malicious Web Application Activity
118.175.16.0 21 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TH Hive Case 4237 TO-S-2021-0910 Malware Activity
118.178.122.215 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=215,CN)
118.178.255.26 24 RR None 2021-02-27 00:00:00 2021-05-28 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - Web Attacks (IP=26,CN)
118.179.192.0 19 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None BD TO-S-2021-0989 Hive Case # 4493 Malware Activity
118.179.212.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BD Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
118.179.81.45 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BD Hive Case 4187 TO-S-2021-0898 Malware Activity
118.179.83.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BD Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
118.186.208.126 24 RR None 2020-10-21 00:00:00 2021-01-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=126,CN)
118.186.5.13 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=13,CN)
118.190.134.217 24 CR None 2021-05-04 00:00:00 2021-08-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt_6 hr web attacks (IP=217,CN)
118.190.141.150 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=150,CN)
118.190.152.144 24 AR None 2021-08-06 00:00:00 2021-11-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6Hr Web Attack (IP=144,CN)
118.190.216.219 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=219,CN)
118.190.216.9 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=9,CN)
118.190.88.12 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=12,CN)
118.195.148.230 24 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=230,CN)
118.195.178.158 24 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=158,CN)
118.195.183.58 24 RR None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=58,CN)
118.218.186.184 24 KH None 2021-07-16 00:00:00 2021-10-14 00:00:00 None SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt - SourceFire (IP=184,KR)
118.232.0.0 19 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TW Hive Case 4237 TO-S-2021-0910 Malware Activity
118.232.214.72 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=72,TW)
118.233.221.128 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=128,TW)
118.233.63.194 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=194,TW)
118.239.25.172 24 GM None 2021-01-30 00:00:00 2021-04-30 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=172,CN)
118.24.107.87 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=87,CN)
118.24.115.185 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=185,CN)
118.24.136.188 24 RR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=188,CN)
118.24.146.184 24 BMP None 2021-06-10 00:00:00 2021-09-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=184,CN)
118.24.150.145 24 RW None 2021-01-03 00:00:00 2021-04-03 00:00:00 None Authentication Failure - Web Attacks (IP=145,CN)
118.24.150.145 24 RW None 2021-01-03 00:00:00 2021-04-03 00:00:00 None Authentication Failure - Web Attacks (IP=145,CN)
118.24.172.185 24 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=185,CN)
118.24.214.215 24 DT None 2021-08-04 00:00:00 2021-11-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=215,CN)
118.24.232.236 24 DT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=207,SG)
118.24.42.244 24 RB None 2019-06-23 00:00:00 2021-01-04 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_Sourcefire (IP=244 CN) | updated by FT Block was inactive. Reactivated on 20201004 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=244,CN)
118.24.58.174 24 DT None 2020-10-21 00:00:00 2021-01-21 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=174,CN)
118.24.58.174 24 DT None 2020-10-21 00:00:00 2021-01-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=174,CN)
118.249.80.66 32 wmp None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=66,CN)
118.25.211.189 24 UA None 2021-05-31 00:00:00 2021-08-29 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Exploit - Web Attacks (IP=189,CN)
118.25.211.189 24 UA None 2021-05-31 00:00:00 2021-08-29 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Exploit - Web Attacks (IP=189,CN)
118.25.40.64 24 AR None 2021-06-09 00:00:00 2021-09-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 HR Web Attack (IP=64,CN)
118.25.43.126 24 GM None 2020-11-01 00:00:00 2021-02-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=126,CN)
118.25.47.17 24 EE None 2021-01-22 00:00:00 2021-04-22 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=17,CN)
118.25.8.234 24 CR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None SSH User Authentication Brute Force Attempt - 6 hr failed logon (IP=234,CN)
118.250.154.234 24 RB None 2021-04-16 00:00:00 2021-07-15 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=234,CN)
118.250.29.35 24 GM None 2020-11-22 00:00:00 2021-02-22 00:00:00 None Generic URI Injection wget Attempt - FireEye (IP=35,CN)
118.250.30.85 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=85,CN)
118.250.31.49 24 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=49,CN)
118.255.176.223 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=223,CN) 118.26.36.169 32 wmp None 2021-06-22 00:00:00 2021-09-22 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=169,HK) 118.27.0.110 24 RB None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=110,JP) 118.27.104.117 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=117,JP) 118.27.107.45 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=45,JP) 118.27.11.135 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=135,JP) 118.27.115.238 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=238,JP) 118.27.117.163 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=163,JP) 118.27.119.202 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=202,JP) 118.27.17.18 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None JP TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 118.27.28.16 32 wmp None 2020-07-10 00:00:00 2021-09-17 00:00:00 None HIVE Case #3270 COLS-NA-TIP-20-0210 (IP=16,JP) | updated by dbc Block expiration extended with reason JP TO-S-2020-0805 Malicious Email Activity 118.27.29.134 24 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=134,JP) 118.27.3.233 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None JP TO-S-2020-0750 Malicious Email Activity 118.27.95.22 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None JP TO-S-2020-0698 Malware Activity 
118.31.38.5 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=5,CN) 118.31.60.151 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=151,CN) 118.31.73.149 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=149,CN) 118.33.118.27 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=27,KR) 118.40.100.81 24 RB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=81,KR) 118.44.22.150 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KR TO-S-2020-0298 Malicious Email Activity 118.67.208.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BD TO-S-2020-0303 Malicious Email Activity 118.67.244.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 118.68.106.53 24 KH None 2021-07-26 00:00:00 2021-10-24 00:00:00 None SQL injection - Web Attacks (IP=53,VN) 118.68.144.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 118.68.64.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 118.69.178.166 24 RB None 2021-02-22 00:00:00 2021-05-23 00:00:00 None Hive Case #4937 (IP=166,VN) 118.69.224.0 20 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None VN TO-S-2020-0750 Malicious Email Activity 118.69.65.68 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None VN TO-S-2020-0331 Malicious Web Application Activity 118.69.74.7 24 BB None 2021-08-19 00:00:00 2021-11-17 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=7,VN ) 118.69.77.93 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 
TO-S-2021-1321 (IP=93,VN) 118.70.0.0 20 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None VN TO-S-2021-0876 Hive Case 4166 Malware Activity 118.70.109.133 24 GM None 2020-01-02 00:00:00 2021-01-02 00:00:00 None SERVER-OTHER Spring Data Commons remote code execution attempt - Sourcefire (IP=133,VN) 118.70.128.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malware Activity 118.70.144.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None VN TO-S-2020-0298 Malicious Email Activity 118.70.150.42 24 AR None 2021-08-22 00:00:00 2021-11-20 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6Hr Failed Logons (IP=42,VN) 118.70.160.0 20 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None VN TO-S-2021-0989 Hive Case # 4493 Malware Activity 118.70.176.0 20 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,VN) 118.70.203.68 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=68,VN) 118.70.224.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN) 118.70.33.123 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 118.70.44.192 24 RB None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=192,VN) 118.70.74.156 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 118.71.161.134 24 DT None 2021-09-06 00:00:00 2021-12-05 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=134,VN) 118.71.170.176 24 RR None 2020-11-15 00:00:00 2021-02-13 00:00:00 None SERVER-WEBAPP Apache Tomcat FileStore directory traversal attempt - SourceFire (IP=176,VN) 118.71.22.56 24 BMP None 2021-05-26 00:00:00 2021-08-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logon (IP=56,VN) 118.71.224.220 32 TLM None 
2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 118.71.227.172 24 RB None 2021-05-02 00:00:00 2021-08-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=172,VN) 118.75.200.198 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=198,CN) 118.79.125.92 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=92,CN) 118.79.146.123 32 wmp None 2021-04-20 00:00:00 2021-07-20 00:00:00 None Palo Alto Suspicious Scan Activity (IP=123,CN) 118.79.218.213 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=213,CN) 118.79.253.108 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=108,CN) 118.79.71.137 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=137,CN) 118.79.72.120 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=120,CN) 118.79.89.246 32 wmp None 2021-04-29 00:00:00 2021-07-29 00:00:00 None Palo Alto Suspicious Scan Activity (IP=246,CN) 118.89.119.250 24 BMP None 2020-11-17 00:00:00 2021-02-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=250,CN) 118.89.170.250 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=250,CN) 118.89.188.219 24 GM None 2020-11-01 00:00:00 2021-02-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=219,CN) 118.89.219.29 24 FT None 2021-01-29 00:00:00 2021-04-29 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=29,CN) 118.89.226.174 32 wmp None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=174,CN) 118.89.239.121 24 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web 
attacks (IP=121,CN) 118.89.47.236 24 RB None 2021-03-05 00:00:00 2021-06-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Failed Logons (IP=236,CN) 118.89.65.15 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=15,CN) 118.89.65.15 24 BMP None 2020-12-13 00:00:00 2021-03-13 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=15,CN) 118.91.160.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NP TO-S-2020-0298 Malicious Email Activity 118.96.149.125 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=125,ID) 118.97.187.60 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 118.97.198.195 24 FT None 2021-02-26 00:00:00 2021-05-26 00:00:00 None SUSPICIOUS.URL- Case 4972 (IP=195,ID) 118.97.201.186 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 118.99.102.0 23 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None ID Hive Case 4237 TO-S-2021-0910 Malware Activity 119.10.116.225 32 srm None 2021-02-02 00:00:00 2021-05-03 00:00:00 None Firepwer Suspicious Scan Activity (IP=225,CN) 119.109.23.14 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=14,CN) 119.110.198.116 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 119.113.138.30 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=30,CN) 119.123.175.55 24 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - Sourcefire Report (IP=55,CN) 119.123.218.203 24 GM None 2020-10-25 00:00:00 2021-01-25 00:00:00 
None Generic URI Injection wget Attempt - FireEye CMS (IP=203,CN) 119.123.242.34 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=34,CN) 119.14.161.235 32 wmp None 2021-05-10 00:00:00 2021-08-10 00:00:00 None Palo Alto Suspicious Scan Activity (IP=235,TW) 119.147.104.143 24 DT None 2021-08-16 00:00:00 2021-11-14 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01558 (IP=143,CN) 119.160.101.62 24 RR None 2021-06-12 00:00:00 2021-09-10 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=62,PK) 119.160.192.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 119.160.219.61 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=61,TH) 119.160.65.180 24 GM None 2020-10-16 00:00:00 2021-01-16 00:00:00 None FTP Login Failed - Failed Logons (IP=180,PK) 119.163.93.20 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=20,CN) 119.165.163.220 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=220,CN) 119.165.27.77 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=77,CN) 119.165.4.243 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=243,CN) 119.17.151.110 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 119.17.192.102 24 AR None 2021-09-03 00:00:00 2021-12-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6Hr Failed Logons (IP=102,VN) 119.17.192.77 24 RB None 2021-01-27 00:00:00 2021-04-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=77,TR) 119.178.18.116 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan 
Activity (IP=116,CN) 119.178.201.188 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=188,CN) 119.178.240.159 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepwer Suspicious Scan Activity (IP=159,CN) 119.179.187.152 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=152,CN) 119.179.190.97 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=97,CN) 119.179.239.141 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None Palo Alto Suspicious Scan Activity (IP=141,CN) 119.179.255.2 24 BMP None 2021-08-23 00:00:00 2021-11-21 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr Web Attacks (IP=2,CN) 119.179.43.1 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=1,CN) 119.18.146.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BD Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 119.18.48.0 20 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IN TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 119.180.101.151 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=151,CN) 119.180.108.79 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=79,CN) 119.180.206.5 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None Palo Alto Suspicious Scan Activity (IP=5,CN) 119.180.69.252 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=252,CN) 119.182.60.91 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=91,CN) 119.184.13.55 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=55,CN) 119.185.82.73 24 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Generic URI Injection wget Attempt 
- FE IPS (IP=73,CN) 119.186.209.220 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None Palo Alto Suspicious Scan Activity (IP=220,CN) 119.186.22.245 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=245,CN) 119.187.108.245 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt 119.187.220.115 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=115,CN) 119.187.226.34 24 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=34,CN) 119.188.240.46 24 FT None 2020-10-14 00:00:00 2021-01-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=46,CN) 119.189.227.244 32 wmp None 2021-05-05 00:00:00 2021-08-05 00:00:00 None Palo Alto Suspicious Scan Activity (IP=244,CN) 119.190.191.46 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=46,CN) 119.190.34.246 24 GM None 2020-10-24 00:00:00 2021-01-24 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=246,CN) 119.191.146.194 24 BB None 2021-07-13 00:00:00 2021-10-11 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=194,CN) 119.191.187.206 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=206,CN) 119.196.154.6 24 BMP None 2021-05-26 00:00:00 2021-08-24 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (1:49376:3) - SourceFire (IP=6,KR) 119.202.67.213 24 BB None 2021-07-25 00:00:00 2021-10-23 00:00:00 None ABC SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - ABC Report (IP=213,KR) 119.23.129.64 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=64,CN) 119.23.208.141 32 srm None 2021-02-05 00:00:00 
2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=141,CN) 119.23.208.43 24 ZH None 2021-08-26 00:00:00 2021-11-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6 hr Web Attacks (IP=43,CN) 119.23.209.206 32 wmp None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=206,CN) 119.23.217.51 24 KH None 2021-07-26 00:00:00 2021-10-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=51,CN) 119.23.240.246 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=246,CN) 119.23.250.117 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=117,CN) 119.23.251.120 24 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=120,CN) 119.235.248.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ID) 119.235.48.0 21 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,IN) 119.236.125.57 24 GM None 2021-02-12 00:00:00 2021-05-12 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - Web Attack (IP=57,HK) 119.252.160.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 119.27.160.85 24 RR None 2020-10-22 00:00:00 2021-01-20 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=85,CN) 119.27.171.113 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks(IP=113,CN) 119.28.100.67 24 KD None 2021-05-28 00:00:00 2021-08-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=67,HK) 119.28.100.67 24 SW None 2021-05-26 00:00:00 2021-08-24 00:00:00 None INDICATOR-SCAN DNS version.bind 119.28.100.67 24 SW None 2021-05-26 
00:00:00 2021-08-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=67,HK) 119.28.115.130 24 BMP None 2021-06-24 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=130,HK) 119.28.134.222 24 RW None 2021-03-18 00:00:00 2021-06-18 00:00:00 None SSH2 Failed Login Attempt - 6 hr failed logons (IP=222,HK) 119.28.152.247 24 RR None 2019-09-19 00:00:00 2021-09-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=152,CN) | updated by ZH Block was inactive. Reactivated on 20210627 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt 119.28.157.230 24 RB None 2019-09-21 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=230,KR) | updated by RW Block was inactive. Reactivated on 20210625 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourc 119.28.160.239 24 KD None 2021-05-28 00:00:00 2021-08-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=239,HK) 119.28.163.155 24 GM None 2019-09-27 00:00:00 2021-09-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=155,CN) | updated by BMP Block was inactive. Reactivated on 20210612 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - 119.28.234.30 24 RR None 2019-09-19 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=234,CN) | updated by RR Block was inactive. 
Reactivated on 20210702 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=30,HK) 119.28.239.222 24 RR None 2019-09-19 00:00:00 2021-08-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=239,CN) | updated by SW Block was inactive. Reactivated on 20210525 with reason INDICATOR-SCAN DNS version.bind | updated by SW Block expiration extended with reason INDICATOR- 119.28.250.59 24 RT None 2021-07-07 00:00:00 2021-10-05 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=59,IN) 119.28.94.125 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=125,HK) 119.29.14.147 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=147,CN) 119.29.141.57 24 RW None 2020-12-27 00:00:00 2021-03-27 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=57,CN) 119.29.148.168 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=168,CN) | updated by RW Block was inactive. Reactivated on 20210520 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6 hr web attacks (IP=168,CN) HTTP: Detect PHP-CGI 119.29.148.168 24 RR None 2021-05-22 00:00:00 2021-09-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=168,CN) | updated by RW Block was inactive. Reactivated on 20210520 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6 hr web attacks (IP=168,CN) HTTP: Detect PHP-CGI 119.29.148.168 24 FT None 2020-08-25 00:00:00 2021-09-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=168,CN) | updated by RW Block was inactive. 
Reactivated on 20210520 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6 hr web attacks (IP=168,CN) HTTP: Detect PHP-CGI 119.29.148.168 24 RW None 2021-05-20 00:00:00 2021-09-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=168,CN) | updated by RW Block was inactive. Reactivated on 20210520 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6 hr web attacks (IP=168,CN) HTTP: Detect PHP-CGI 119.29.185.198 24 RB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=198,CN) 119.29.192.195 24 RR None 2021-02-20 00:00:00 2021-05-21 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=195,CN) 119.29.194.178 24 RB None 2021-02-13 00:00:00 2021-05-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks 119.29.196.201 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=201,CN) 119.29.34.253 24 GM None 2021-02-14 00:00:00 2021-05-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=253,CN) 119.29.62.180 24 ZH None 2021-05-26 00:00:00 2021-08-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=180,CN) 119.29.62.180 24 ZH None 2021-05-26 00:00:00 2021-08-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=180,CN) 119.29.90.144 32 RW None 2020-12-02 00:00:00 2021-03-02 00:00:00 None SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt - Sourcefire (IP=144,CN) 119.3.109.51 24 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=51,CN) 119.3.127.43 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution 
attempt - Sourcefire (IP=43,CN) 119.3.154.224 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=224,CN) 119.3.168.69 24 AR None 2021-07-12 00:00:00 2021-10-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=69,CN) 119.3.182.80 24 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (1:49377:1) - SoureFire (IP=80,CN) 119.3.205.226 24 KD None 2021-09-23 00:00:00 2021-12-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=226,CN) 119.3.208.170 24 BB None 2021-08-01 00:00:00 2021-10-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=170,CN) 119.3.21.25 24 AR None 2021-08-13 00:00:00 2021-11-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=25,CN) 119.3.220.27 24 RB None 2021-07-27 00:00:00 2021-10-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=27,CN) 119.3.222.62 24 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=62,CN) 119.3.222.62 24 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=62 CN) 119.3.28.39 24 RB None 2021-06-20 00:00:00 2021-09-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=39,CN) 119.3.3.120 32 BB None 2021-09-07 00:00:00 2021-12-06 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01774 (IP=120,US) 119.37.192.104 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=104,CN) 119.4.225.21 24 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 
6hr Web Attacks (IP=21,CN)
119.42.70.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TH Hive Case 4237 TO-S-2021-0910 Malware Activity
119.42.73.17 24 BMP None 2021-03-25 00:00:00 2021-06-25 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=17,TH)
119.45.11.28 24 FT None 2020-11-14 00:00:00 2021-02-22 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=28,CN)
119.45.139.186 24 EE None 2021-03-17 00:00:00 2021-06-17 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=186,CN)
119.45.144.153 24 DT None 2020-11-09 00:00:00 2021-02-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=153,CN)
119.45.145.184 24 FT None 2020-10-31 00:00:00 2021-01-31 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=184,CN)
119.45.15.27 32 wmp None 2021-02-19 00:00:00 2021-05-19 00:00:00 None Firepower Suspicious Scan Activity (IP=27,CN)
119.45.156.190 24 FT None 2020-10-30 00:00:00 2021-01-30 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - Sourcefire (IP=190,CN)
119.45.164.83 24 DT None 2021-01-17 00:00:00 2021-04-17 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=83,CN)
119.45.168.153 24 GM None 2020-11-27 00:00:00 2021-02-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=153,CN)
119.45.17.159 24 DT None 2021-02-21 00:00:00 2021-05-22 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - SourceFire (IP=159,CN)
119.45.189.18 24 RR None 2020-12-14 00:00:00 2021-12-13 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire (IP=18,CN) | updated by RB Block expiration extended with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=18,CN)
119.45.190.53 24 FT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=53,CN)
119.45.196.53 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=53,CN)
119.45.203.88 24 EE None 2021-01-09 00:00:00 2021-04-10 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 HR Web Attack (IP=88,CN) | updated by RB Block expiration extended with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=88,CN)
119.45.207.135 24 RR None 2021-03-11 00:00:00 2021-06-09 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=135,CN)
119.45.208.164 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=164,CN)
119.45.209.13 24 EE None 2020-12-15 00:00:00 2021-03-15 00:00:00 None SERVER-WEBAPP vBulletin PHP code execution attempt - 6 Hr Web Attack (IP=13,CN)
119.45.21.243 24 BMP None 2020-10-23 00:00:00 2021-01-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=243,CN)
119.45.210.252 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=252,CN)
119.45.211.254 24 RR None 2021-04-15 00:00:00 2021-07-14 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt ) - SourceFire (IP=254,CN)
119.45.220.234 24 RR None 2020-11-15 00:00:00 2021-02-13 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=234,CN)
119.45.230.66 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=66,CN)
119.45.246.129 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=129,CN)
119.45.250.54 24 RR None 2021-02-20 00:00:00 2021-05-21 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=54,CN)
119.45.34.92 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=92,CN)
119.45.45.202 24 RB None 2021-02-05 00:00:00 2021-05-05 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt- 6hr web attacks (IP=202,CN)
119.45.48.246 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=246,CN)
119.45.49.175 24 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=175,CN)
119.45.53.62 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=62,CN)
119.56.215.162 32 wmp None 2021-04-23 00:00:00 2021-07-23 00:00:00 None Palo Alto Suspicious Scan Activity (IP=162,KR)
119.57.47.54 24 AR None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=54,CN)
119.59.82.132 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=132,AF)
119.60.5.37 32 wmp None 2021-04-16 00:00:00 2021-07-16 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=37,CN)
119.62.212.189 24 GM None 2021-02-20 00:00:00 2021-05-21 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attacks (IP=189,CN)
119.73.112.204 24 RW None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 hr failed logons (IP=204,PK)
119.76.37.25 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
119.8.7.84 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=84,CN)
119.90.63.50 24 FT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=50,CN)
119.92.151.213 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=213,PH)
119.92.196.243 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PH Hive Case 4237 TO-S-2021-0910 Malware Activity
119.92.233.36 32 srm None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Firepower Suspicious Scan Activity (IP=36,PH)
119.93.148.45 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PH Hive Case 4187 TO-S-2021-0898 Malware Activity
119.93.227.101 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=101,PH)
119.93.243.114 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=114,PH)
119.94.3.179 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=179,PH)
119.96.242.51 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 21C01734 (IP=51,CN)
119.99.232.62 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=62,CN)
12.11.76.10 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=10,US)
12.12.238.2 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=2,US)
12.126.75.38 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=38,US)
12.129.64.198 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=198,US)
12.14.30.98 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=98,US)
12.161.69.22 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=22,US)
12.162.84.2 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity
12.164.173.82 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=82,US)
12.168.132.167 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
12.176.154.122 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=122,US)
12.180.59.159 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity
12.185.52.82 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=82,US)
12.201.170.162 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=162,US)
12.202.78.210 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=210,US)
12.205.96.102 24 RW None 2020-12-10 00:00:00 2021-03-10 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logon(IP=102,PR)
12.216.216.78 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity
12.222.170.186 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
12.227.25.18 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=18,US)
12.244.181.218 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=218,US)
12.246.213.102 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=102,US)
12.27.150.250 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=250,US)
12.34.55.84 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malware Activity
12.37.176.162 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=162,US)
12.39.198.204 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
12.41.112.68 32 JKC None 2021-06-08 00:00:00 2021-06-08 00:00:00 None Malicious IP Hive Case 2977 TIPPER 20-0172 (ip=68, US)
12.50.2.233 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=233,US)
12.88.195.178 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=178,US)
120.131.7.252 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=252,CN)
120.132.101.202 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=202,CN)
120.132.12.21 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=21,CN)
120.132.17.195 24 BB None 2021-08-17 00:00:00 2021-11-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=195,CN)
120.133.21.12 24 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=12,CN)
120.133.27.132 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=132,CN)
120.138.121.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malware Activity
120.138.121.26 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Reconnaissance Activity
120.138.15.140 24 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=140,IN)
120.148.156.123 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AU TO-S-2020-0331 Malicious Web Application Activity
120.149.172.67 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
120.15.87.58 24 SW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=58,CN)
120.150.193.200 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None AU TO-S-2020-0236 Malicious Email Activity
120.150.52.66 32 wmp None 2021-03-16 00:00:00 2021-06-16 00:00:00 None FireEye IPS Hello Peppa Scan (IP=66,AU)
120.151.146.70 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AU TO-S-2020-0331 Malicious Web Application Activity
120.193.91.193 24 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepwer Suspicious Scan Activity (IP=193,CN)
120.193.91.213 32 srm None 2021-02-02 00:00:00 2021-05-03 00:00:00 None Firepwer Suspicious Scan Activity (IP=213,CN)
120.193.93.227 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=227,CN)
120.195.203.8 24 SW None 2021-06-22 00:00:00 2021-09-22 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01354(IP=8, CN)
120.196.182.41 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firep0wer Suspicious Scan Activity (IP=41,CN)
120.197.53.216 24 FT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=216,CN)
120.205.11.94 24 RW None 2020-11-18 00:00:00 2021-02-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=94,CN)
120.209.126.243 24 GM None 2020-10-08 00:00:00 2021-01-08 00:00:00 None Generic URI Injection wget Attempt - FE CMS/IPS alerts (IP=243,CN)
120.209.127.187 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=187,CN)
120.209.127.79 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=79,CN)
120.209.98.100 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=100,CN)
120.210.89.79 32 srm None 2021-02-02 00:00:00 2021-05-03 00:00:00 None Firepwer Suspicious Scan Activity (IP=79,CN)
120.224.48.33 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=33,CN)
120.224.50.233 24 EE None 2020-12-18 00:00:00 2021-09-24 00:00:00 None SSH2 Failed Login Attempt - 6 HR Failed Logons (IP=233,CN) | updated by RR Block was inactive. Reactivated on 20210528 with reason SSH2 Failed Login Attempt - Failed Logons (IP=233,CN) | updated by WR Block expiration extended with reason SSH2 Failed L
120.226.28.62 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=62,CN)
120.227.22.24 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=24,CN)
120.229.2.201 24 KH None 2021-08-31 00:00:00 2021-11-29 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=201,CN)
120.232.41.85 24 BMP None 2021-05-27 00:00:00 2021-08-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=85,CN)
120.237.152.78 24 RR None 2021-05-14 00:00:00 2021-08-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=78,CN)
120.237.156.248 24 FT None 2021-01-11 00:00:00 2021-04-11 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Web Attacks (IP=248,CN)
120.26.57.137 32 RT None 2021-09-25 00:00:00 2021-12-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - TT# 21C01953(IP=137,US)
120.27.197.82 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=82,CN)
120.27.238.42 24 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=42,CN)
120.27.40.112 32 AR None 2021-09-03 00:00:00 2021-12-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT #21C01746 (IP=112,US)
120.27.92.112 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=112,CN)
120.28.33.124 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None PH TO-S-2020-0750 Malicious Email Activity
120.29.113.243 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=243,PH)
120.29.123.152 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None PH TO-S-2020-0493 Malware Activity
120.29.152.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity
120.29.59.2 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AU TO-S-2020-0331 Malicious Web Application Activity
120.29.76.178 32 wmp None 2021-04-27 00:00:00 2021-07-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=178,PH)
120.29.76.232 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PH TO-S-2020-0298 Malicious Email Activity
120.29.86.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,PH)
120.32.18.22 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=22,CN)
120.34.174.134 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=134,CN)
120.4.56.235 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=235,CN)
120.43.100.218 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=218,CN)
120.43.54.213 32 wmp None 2021-05-04 00:00:00 2021-08-04 00:00:00 None Palo Alto Suspicious Scan Activity (IP=213,CN)
120.46.138.214 24 KH None 2021-07-26 00:00:00 2021-10-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=214,CN)
120.46.153.213 24 RR None 2021-06-20 00:00:00 2021-09-18 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=213,CN)
120.48.18.30 24 BMP None 2021-06-12 00:00:00 2021-09-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=30,CN)
120.48.27.178 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepwer Suspicious Scan Activity (IP=178,CN)
120.48.6.165 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=165,CN)
120.48.7.60 24 BMP None 2021-01-13 00:00:00 2021-04-13 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - Sourcefire (IP=60,CN)
120.52.152.3 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=3,CN)
120.53.13.169 24 GM None 2021-01-03 00:00:00 2021-04-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=169,CN)
120.53.229.221 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=221,CN)
120.53.238.43 24 BMP None 2020-10-30 00:00:00 2021-01-30 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=43,CN)
120.53.242.11 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=11,CN)
120.53.242.172 24 RB None 2021-04-07 00:00:00 2021-07-06 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=172,CN)
120.55.124.138 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=138,CN)
120.55.47.169 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=169,CN)
120.57.208.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN)
120.57.96.224 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=224,IN)
120.7.244.188 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=188,CN)
120.70.99.161 24 EE None 2020-12-31 00:00:00 2021-03-31 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=161,CN)
120.71.180.113 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=113,CN)
120.72.21.106 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PH TO-S-2020-0298 Malicious Email Activity
120.72.26.179 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PH TO-S-2020-0331 Malicious Web Application Activity
120.77.201.193 24 DT None 2021-01-05 00:00:00 2021-04-05 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=193,CN)
120.77.208.205 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=205,CN)
120.77.213.134 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=134,CN)
120.77.248.108 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=108,CN)
120.77.43.120 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=120,CN)
120.78.12.25 24 SW None 2021-07-25 00:00:00 2021-10-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=25, CN)
120.78.2.189 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=189,CN)
120.78.88.239 24 ZH None 2021-07-24 00:00:00 2021-10-22 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23-5.1.31 command injection attempt - 6hr Web Attacks (IP=239,CN)
120.79.144.147 32 wmp None 2021-04-20 00:00:00 2021-07-20 00:00:00 None Palo Alto Suspicious Scan Activity (IP=147,CN)
120.79.156.8 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=8,CN)
120.79.194.12 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=12,CN)
120.79.198.191 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=191,CN)
120.79.56.155 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None TCP: SYN Host Sweep (IP=155,CN)
120.79.71.223 32 RR None 2021-09-15 00:00:00 2021-12-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01866 (IP=223,CN)
120.79.85.199 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=199,CN)
120.8.223.57 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=57,CN)
120.84.113.136 24 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=136,CN)
120.85.112.94 24 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=94,CN)
120.85.113.105 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=105,CN)
120.85.113.117 24 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=117,CN)
120.85.113.158 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=158,CN)
120.85.113.186 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=186,CN)
120.85.113.199 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=199,CN)
120.85.113.78 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=78,CN)
120.85.113.93 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=93,CN)
120.85.114.0 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=0,CN)
120.85.114.115 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (1:46624:2) - Sourcefire (IP=115,CN)
120.85.114.148 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=148,CN)
120.85.114.178 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=178,CN)
120.85.114.21 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=21,CN)
120.85.114.93 32 srm None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Firepower Suspicious Scan Activity (IP=93,CN)
120.85.115.104 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan Activity (IP=104,CN)
120.85.115.122 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=122,CN)
120.85.115.178 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=178,CN)
120.85.115.183 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=183,CN)
120.85.115.191 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=191,CN)
120.85.115.59 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=59,CN)
120.85.116.112 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=112,CN)
120.85.116.188 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=188,CN)
120.85.116.39 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=39,CN)
120.85.116.89 32 srm None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Firepower Suspicious Scan Activity (IP=89,CN)
120.85.117.101 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=101,CN)
120.85.117.126 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=126,CN)
120.85.117.15 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=15,CN)
120.85.117.194 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=194,CN)
120.85.117.249 32 srm None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Firepower Suspicious Scan Activity (IP=249,CN)
120.85.117.28 24 SW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks(IP=28,CN)
120.85.118.125 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=125,CN)
120.85.118.158 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=158,CN)
120.85.118.35 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=35,CN)
120.85.118.71 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=71,CN)
120.85.119.73 24 GM None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=73,CN)
120.85.147.78 24 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=78,CN)
120.85.149.224 24 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=224,CN)
120.85.149.72 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=72,CN)
120.85.164.76 32 srm None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Firepower Suspicious Scan Activity (IP=76,CN)
120.85.171.243 32 wmp None 2021-04-28 00:00:00 2021-07-28 00:00:00 None Palo Alto Suspicious Scan Activity (IP=243,CN)
120.85.198.91 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=91,CN)
120.85.209.208 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=208,CN)
120.85.236.176 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan Activity (IP=176,CN)
120.85.236.39 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None Palo Alto Suspicious Scan Activity (IP=39,CN)
120.85.236.77 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=77,CN)
120.85.254.110 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=110,CN)
120.85.91.158 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=158,CN)
120.85.91.29 24 GM None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=29,CN)
120.85.92.129 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=129,CN)
120.85.92.140 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=140,CN)
120.85.92.196 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=196,CN)
120.85.92.224 24 WR None 2021-05-19 00:00:00 2021-08-17 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=224,CN)
120.85.92.232 32 wmp None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=232,CN)
120.85.92.242 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=242,CN)
120.85.92.73 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=73,CN)
120.85.93.146 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=146,CN)
120.85.93.170 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (1:46624:2) - Sourcefire (IP=170,CN)
120.85.93.181 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=181,CN)
120.85.94.171 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=171,CN)
120.85.94.92 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=92,CN)
120.85.96.107 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan Activity (IP=107,CN)
120.85.97.158 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=158,CN)
120.85.97.32 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=32,CN)
120.85.97.43 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=43,CN)
120.85.98.134 24 KH None 2021-08-23 00:00:00 2021-11-21 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=134,CN)
120.85.99.11 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=11,CN)
120.86.147.79 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=79,CN)
120.86.185.220 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=220,CN)
120.86.185.222 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=222,CN)
120.87.106.56 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=56,CN)
120.87.197.123 24 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=123,CN)
120.87.49.151 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=151,CN)
120.89.74.103 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=103,IN)
120.89.74.119 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=119,IN)
120.89.74.133 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=133,IN)
120.89.74.45 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=45,IN)
120.9.32.51 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=51,CN)
120.92.132.94 24 CR None 2021-05-04 00:00:00 2021-08-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability_6 hr web attacks (IP=94,CN)
120.92.141.163 24 EE None 2021-03-12 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=163,CN)
120.92.144.60 24 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=60,CN)
120.92.154.209 24 RB None 2020-10-15 00:00:00 2021-01-13 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6hr web attack (IP=209,CN)
120.92.21.93 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=93,CN)
120.92.72.52 24 GM None 2020-10-31 00:00:00 2021-01-31 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=52,CN)
120.92.80.41 24 RR None 2020-11-08 00:00:00 2021-02-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=41,CN)
120.92.91.40 24 CR None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=40,CN)
120.92.94.22 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=22,CN)
121.100.19.69 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=69,ID)
121.115.224.51 24 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=51,JP)
121.120.86.182 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=182,MY)
121.121.38.141 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
121.121.42.138 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=138,MY)
121.121.5.1 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=1,MY)
121.122.168.103 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MY TO-S-2020-0298 Malicious Email Activity
121.122.48.193 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None MY TO-S-2021-0876 Hive Case 4166 Malware Activity
121.122.71.122 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=122,MY)
121.123.29.62 24 EE None 2021-04-02 00:00:00 2021-11-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=62,MY) | updated by ZH Block was inactive. Reactivated on 20210827 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01616 (IP=62,MY)
121.123.65.240 24 CR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=240,MY)
121.123.81.96 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None MY TO-S-2020-0303 Malicious Email Activity
121.124.124.40 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None KR TO-S-2021-0876 Hive Case 4166 Malware Activity
121.124.127.169 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=169,KR)
121.128.31.213 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malware Activity
121.131.147.86 24 GM None 2021-02-12 00:00:00 2021-05-12 00:00:00 None Generic URI Injection wget Attempt - FireEyeCMS (IP=86,KR)
121.131.90.142 24 KD None 2021-09-01 00:00:00 2021-12-01 00:00:00 None PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- TT# 21C01709 (IP=142,KR)
121.148.171.23 24 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Source Fire (IP=23,KR)
121.149.81.90 24 SW None 2021-05-26 00:00:00 2021-08-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell
121.151.217.125 24 WR None 2021-06-27 00:00:00 2021-09-25 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=125,KR)
121.152.10.179 24 RR None 2021-08-20 00:00:00 2021-11-18 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=179,KR)
121.158.170.190 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=190,KR)
121.158.244.233 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None KR Hive Case 4237 TO-S-2021-0910 Malicious Web Application Activity
121.159.172.93 32 wmp None 2021-05-11 00:00:00 2021-08-11 00:00:00 None Palo Alto Suspicious Scan Activity (IP=93,KR)
121.159.225.204 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KR TO-S-2020-0303 Malicious Email Activity
121.164.27.232 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KR TO-S-2020-0298 Malicious Email Activity
121.169.34.16 32 AR None 2021-07-08 00:00:00 2021-10-06 00:00:00 None Attempted Access - Inbound Brute Force / SSH: SSH Login - TT# 21C01412 (IP=16,US)
121.17.26.20 24 EE None 2020-11-19 00:00:00 2021-02-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Exe vul - 6HR Web Attack (IP=20,CN)
121.170.154.95 24 WR None 2021-05-27 00:00:00 2021-08-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - SourceFire (IP=95,KR)
121.171.33.120 24 GM None 2021-02-24 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Sourcefire (IP=120,KR)
121.175.211.197 24 DT None 2021-08-26 00:00:00 2021-11-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=124,KR)
121.179.218.62 24 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=62,KR)
121.181.183.110 24 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=110,KR)
121.190.92.17 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
121.196.108.185 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=185,CN)
121.196.145.171 24 GM None 2021-04-03 00:00:00 2021-07-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=171,CN)
121.196.150.30 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=30,CN)
121.196.155.84 24 DT None 2021-01-30 00:00:00 2021-04-30 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=84,CN)
121.196.158.30 24 RR None 2021-06-19 00:00:00 2021-09-17 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=30,CN)
121.196.162.134 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=134,CN)
121.196.163.228 24 BB None 2021-07-31 00:00:00 2021-10-29 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=228,CN)
121.196.166.9 24 CR None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=9,CN)
121.196.169.191 24 RW None 2021-04-11 00:00:00 2021-07-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=191,CN)
121.196.170.159 32 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=159,US)
121.196.171.117 24 RB None 2021-08-04 00:00:00 2021-11-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=117,CN)
121.196.179.171 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=171,CN)
121.196.182.176 24 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability Web Attack (IP=176,CN)
121.196.182.183 24 UA None 2021-08-26 00:00:00 2021-11-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=183,CN)
121.196.214.192 24 BMP None 2021-08-07 00:00:00 2021-11-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=192,CN)
121.196.217.35 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=35,CN)
121.196.24.122 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=122,CN)
121.196.46.62 24 DT None 2021-04-09 00:00:00 2021-07-08 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=62,CN)
121.196.55.74 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=74,CN)
121.199.29.156 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=156,CN)
121.199.29.156 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=156,CN)
121.199.29.156 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=156,CN)
121.199.71.232 24 RR None 2021-04-27 00:00:00 2021-07-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=232,CN)
121.201.38.124 24 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=124,CN)
121.201.91.135 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=135,CN)
121.204.142.58 24 FT None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Detect PHP-CGI Remote code 
Execution vulnerability - Web Attacks (IP=58,CN) 121.204.161.39 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=39,CN) 121.206.166.144 24 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=144,CN) 121.206.24.7 24 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=7,AU) 121.229.12.184 32 FT None 2020-10-05 00:00:00 2021-01-05 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) (IP=81,CN) - TT# 21C00029 (IP=184,US) 121.23.155.2 24 FT None 2020-10-31 00:00:00 2021-01-31 00:00:00 None SERVER-OTHER Mikrotik RouterOS directory traversal attempt (3:47684:1) - SourceFire (IP=155,CN) 121.23.5.214 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=214,CN) 121.237.226.190 24 EE None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack(IP=190,CN) 121.243.16.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malware Activity 121.243.22.130 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Reconnaissance Activity 121.244.147.149 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity 121.25.28.213 24 KD None 2021-05-28 00:00:00 2021-08-27 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) -Sourcefire (IP=213,CN) 121.25.54.241 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=241,CN) 121.25.63.46 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None Palo Alto Suspicious Scan Activity (IP=46,CN) 121.254.64.91 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=91,TW) 121.28.15.100 32 srm 
None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=100,CN) 121.28.15.5 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=5,CN) 121.28.4.186 24 RW None 2021-08-02 00:00:00 2021-10-31 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=186,CN) 121.3.89.180 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None JP TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 121.33.221.46 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=46,CN) 121.36.10.31 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=31,CN) 121.36.203.138 24 UA None 2021-08-04 00:00:00 2021-11-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=138,CN) 121.36.226.37 24 RW None 2021-04-09 00:00:00 2021-07-09 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=37,CN) 121.36.248.248 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=248,CN) 121.36.30.38 24 BMP None 2021-07-03 00:00:00 2021-10-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=38,CN) 121.36.36.200 24 AR None 2021-07-19 00:00:00 2021-10-17 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=200,CN) 121.36.38.8 24 RR None 2021-06-12 00:00:00 2021-09-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=8,CN) 121.36.5.69 24 BB None 2021-07-31 00:00:00 2021-10-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=69,CN) 121.36.8.130 24 BMP None 2021-06-22 00:00:00 2021-09-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=130,CN) 121.37.153.61 24 RR None 2021-05-01 00:00:00 2021-07-30 00:00:00 
None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=61,CN) 121.37.158.191 24 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=191,CN) 121.37.163.200 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=200,CN) 121.37.167.217 24 RR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=217,CN) 121.37.168.149 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt (1:24343:4) - SourceFire (IP=149,CN) 121.37.180.242 24 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attack (IP=242,CN) 121.37.189.43 24 BMP None 2021-05-26 00:00:00 2021-08-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=43,CN) 121.37.232.215 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=215,CN) 121.37.234.98 24 BB None 2021-08-23 00:00:00 2021-11-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=98,CN) | updated by KD Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=98,CN) 121.37.254.147 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=147,CN) 121.4.101.46 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=46,CN) 121.4.106.243 24 RB None 2021-04-04 00:00:00 2021-07-03 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr failed logons (IP=243,CN) 121.4.108.59 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability 
(CVE-2017-9841) - Web Attacks(IP=59,CN) 121.4.116.148 32 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01683 (IP=148,CN) 121.4.131.160 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=160,CN) 121.4.134.97 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=97,CN) 121.4.137.30 24 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=30,CN) 121.4.140.5 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=5,CN) 121.4.154.34 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=34,CN) 121.4.158.157 24 ZH None 2021-08-19 00:00:00 2021-11-17 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=157,CN) 121.4.167.79 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=79,CN) 121.4.181.178 24 RB None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=178,CN) 121.4.243.18 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=18,CN) 121.4.253.21 24 RW None 2021-04-10 00:00:00 2021-07-10 00:00:00 None SSH User Authentication Brute Force Attempt - 6 hr failed logons (IP=21,CN) 121.4.55.249 24 RB None 2021-03-30 00:00:00 2021-09-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=249,CN) | updated by KD Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=249,CN) 121.4.62.98 24 
RB None 2021-03-26 00:00:00 2021-09-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=98,CN) | updated by RR Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=98,CN) | updated by RR Block expi 121.4.73.203 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=203,CN) 121.4.74.39 24 DT None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=39,CN) 121.4.89.228 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=228,CN) 121.4.97.243 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=243,CN) 121.42.229.189 24 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attack (IP=189,CN) 121.44.201.67 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None AU TO-S-2020-0303 Malicious Email Activity 121.46.232.68 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=68,CN) 121.46.25.189 24 GM None 2021-02-13 00:00:00 2021-05-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=189,CN) 121.46.31.172 32 FT None 2020-10-31 00:00:00 2021-01-31 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Atacks (IP=172,CN) 121.46.31.173 24 DT None 2020-11-06 00:00:00 2021-02-06 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=173,CN) 121.5.109.30 24 FT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=30,CN) 121.5.110.95 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=95,CN) 121.5.116.110 24 RW None 2021-03-31 00:00:00 2021-06-30 
00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=110,CN) 121.5.123.44 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=44,CN) 121.5.147.119 24 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=119,CN) 121.5.149.222 24 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=222,CN) 121.5.155.158 24 BB None 2021-07-05 00:00:00 2021-10-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=158,CN) 121.5.184.126 24 KD None 2021-06-02 00:00:00 2021-08-31 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=126,CN) 121.5.190.22 24 AR None 2021-08-30 00:00:00 2021-11-28 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt – 6hr Web Attack (IP=22,CN) 121.5.200.77 24 DT None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- 6hr Web Attacks (IP=77,CN) 121.5.202.31 24 BMP None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=31,CN) 121.5.219.20 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=20,CN) 121.5.223.121 24 FT None 2021-04-13 00:00:00 2021-07-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=121,CN) 121.5.226.36 24 FT None 2021-04-19 00:00:00 2021-07-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=36,CN) 121.5.24.19 24 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=19,CN) 121.5.250.245 24 RB None 2021-04-05 00:00:00 2021-08-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr 
web attacks (IP=245,CN) | updated by RW Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - web attacks (IP=245,CN) 121.5.26.33 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None TCP: SYN Host Sweep (IP=33,CN) 121.5.3.85 24 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=85,CN) 121.5.44.33 24 EE None 2021-03-27 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=33,CN) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=33,CN) | updated by RR Block expiration extended wit 121.5.48.232 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=232,CN) 121.5.52.238 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None TCP: SYN Host Sweep (IP=238,CN) 121.5.72.228 24 RW None 2021-02-03 00:00:00 2021-05-03 00:00:00 None Authentication Failure - 6 hr failed logons (IP=228,CN) 121.52.136.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 121.54.196.32 24 RR None 2021-08-24 00:00:00 2021-11-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=32, KR) 121.58.199.68 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None PH TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 121.58.216.21 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PH Hive Case 4237 TO-S-2021-0910 Malware Activity 121.58.241.230 24 BMP None 2021-03-13 00:00:00 2021-06-13 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - 6hr Web Attacks (IP=230,PH) 121.60.116.123 24 RW None 2020-12-05 00:00:00 2021-03-05 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 12 hour ET Scans (IP=123,CN) 121.67.47.146 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 
TO-S-2021-0898 Malicious Reconnaissance Activity 121.7.10.122 24 RB None 2021-02-26 00:00:00 2021-05-27 00:00:00 None Hive Case #4984 (IP=122,SG) 121.7.25.23 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None SG TO-S-2020-0303 Malicious Email Activity 121.7.36.20 24 RW None 2020-11-30 00:00:00 2021-03-02 00:00:00 None SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt - Sourcefire (IP=20,SG) 121.78.3.145 24 RR None 2020-10-29 00:00:00 2021-01-27 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attcks (IP=145,KR) 121.8.107.214 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=214,CN) 121.8.107.214 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=214,CN) 121.8.107.214 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=214,CN) 121.89.166.69 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=69,CN) 121.89.174.221 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=221,CN) 121.89.197.20 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=20,CN) 121.89.214.68 24 RR None 2021-06-14 00:00:00 2021-09-13 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=68,CN) | updated by KD Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=68,CN) 121.96.64.66 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PH Hive Case 4237 TO-S-2021-0910 Malware Activity 122.102.24.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 122.112.171.163 24 KD None 2021-06-15 00:00:00 2021-09-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=163,CN) 122.112.192.235 24 FT None 2021-01-31 00:00:00 
2021-05-01 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=235,CN) 122.112.219.38 24 AR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=38,CN) 122.112.220.13 24 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=13,CN) 122.112.238.25 24 KH None 2021-07-12 00:00:00 2021-10-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 hr Web Attacks (IP=25,CN) 122.112.247.76 24 KD None 2021-06-15 00:00:00 2021-09-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability- Web Attacks (IP=76,CN) 122.116.190.233 24 RT None 2021-07-30 00:00:00 2021-10-28 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6 HR WebAttack (IP=233,TW) 122.118.18.78 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TW Hive Case 4237 TO-S-2021-0910 Malware Activity 122.128.78.243 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=243,KR) 122.132.23.90 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None JP TO-S-2020-0459 Malware Activity 122.134.254.224 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None JP TO-S-2020-0228 Malicious Email Activity 122.139.63.154 24 FT None 2021-03-14 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=154,CN) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=154,CN) 122.14.195.57 24 RT None 2021-06-08 00:00:00 2021-09-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire Report (IP=57,CN) 122.14.209.13 24 RW None 2021-05-16 00:00:00 2021-08-14 00:00:00 None SERVER-WEBAPP Joomla 
JDatabaseDriverMysqli unserialize code execution attempt - 6hr web attacks (IP=13,CN) | updated by RW Block expiration extended with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=13,CN) HTTP: Det 122.14.209.13 24 RB None 2021-05-10 00:00:00 2021-08-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr web attacks (IP=13,CN) | updated by RW Block expiration extended with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=13,CN) HTTP: Det 122.14.210.163 24 GM None None 2021-08-15 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=163,KR) | updated by RB Block was inactive. Reactivated on 20210517 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=163,CN) 122.143.132.79 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=79,CN) 122.144.8.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BD TO-S-2020-0298 Malicious Email Activity 122.147.5.170 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=170,TW) 122.152.201.86 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=86,CN) 122.152.213.156 24 RW None 2021-02-02 00:00:00 2021-05-02 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=156,CN) 122.154.225.242 24 EE None 2020-12-26 00:00:00 2021-03-26 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6 HR Web Attack (IP=242,TH) 122.176.116.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malware Activity 122.176.157.110 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Email Activity 122.176.240.0 21 TLM None 2021-06-10 00:00:00 2021-12-10 
00:00:00 None HIVE CASE #5606 TO-S-2021-1338 122.176.64.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 122.176.74.247 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=247,IN) 122.176.87.173 24 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=173,IN) 122.176.96.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 122.177.157.91 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 122.179.224.0 20 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,IN) 122.180.187.103 24 EE None 2021-04-15 00:00:00 2021-07-14 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Web Attack (IP=103,IN) 122.180.251.163 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None IN TO-S-2021-0989 Hive Case # 4493 Unknown Malicious Activity 122.180.254.0 24 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=0,IN) 122.186.68.182 24 RR None 2021-04-01 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=182,IN) | updated by BMP Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=182,IN) 122.188.86.126 24 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=126,CN) 122.195.197.163 24 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3)- Source Fire (IP=163,CN) 122.201.19.99 32 dbc None 2020-05-27 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559.01 Malicious Email Activity 122.201.19.99 32 dbc None 2020-05-22 00:00:00 2021-05-22 00:00:00 None Unafilliated 
TO-S-2020-0559 Malicious Email Activity 122.201.80.143 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=143,AU) 122.208.115.158 32 wmp None 2021-04-15 00:00:00 2021-07-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=158,JP) 122.227.85.157 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 21C01736 (IP=157,CN) 122.229.141.249 24 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6)- Source Fire (IP=249,CN) 122.248.227.109 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=109,SG) 122.252.238.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,IN) 122.252.250.22 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=22,IN) 122.3.191.247 24 BMP None 2021-03-23 00:00:00 2021-06-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=247,PH) 122.3.236.210 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None PH TO-S-2020-0459 Malware Activity 122.3.51.124 24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=124,PL) 122.51.129.198 32 wmp None 2021-02-19 00:00:00 2021-05-19 00:00:00 None Firepower Suspicious Scan Activity (IP=198,CN) 122.51.133.129 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=129,CN) 122.51.180.30 24 FT None 2020-11-14 00:00:00 2021-02-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=30,CN) 122.51.185.241 24 RW None 2020-11-09 00:00:00 2021-02-09 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=241,CN) 122.51.207.156 32 srm None 
2021-02-05 00:00:00 2021-05-06 00:00:00 None srm Firepwer Suspicious Scan Activity (IP=156,CN) 122.51.226.155 24 RB None 2021-02-26 00:00:00 2021-05-27 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=155,CN) 122.51.230.234 24 BMP None 2019-12-26 00:00:00 2021-08-10 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=234, CN) | updated by KF Block expiration extended with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01823 (IP=234,CN) | updated by Rw Block was inactive. Reacti 122.51.241.15 24 DT None 2020-05-12 00:00:00 2021-09-27 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=15,CN) | updated by KH Block was inactive. Reactivated on 20210629 with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=15,BR) 122.51.243.251 24 GM None 2020-11-27 00:00:00 2021-02-27 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=251,CN) 122.51.248.146 24 RB None 2020-12-09 00:00:00 2021-03-09 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=146,CN) 122.51.253.32 32 DT None 2020-10-03 00:00:00 2021-01-03 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT # 21C00014 (IP=32,CN) 122.51.90.196 24 RW None 2021-01-19 00:00:00 2021-04-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=196,CN) 122.52.123.120 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PH TO-S-2020-0303 Malicious Email Activity 122.52.160.0 19 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,PH) 122.52.183.184 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=184,PH) 122.53.122.236 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None PH TO-S-2021-0941 Hive Case 4361 Malware Activity 122.53.127.2 
32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 122.53.144.77 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER WEBAPP JBoss JMXInvokerServlet access attempt - Web Attacks (IP=77,PH) 122.53.98.240 24 EE None 2021-02-07 00:00:00 2021-05-07 00:00:00 None HTTP: SQL Injection Attempt Detected - 6 HR Web Attack (IP=240,PH) 122.54.121.224 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 122.55.231.219 24 FT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=219,PH) 122.70.128.168 24 GM None 2021-02-12 00:00:00 2021-05-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=168,CN) 122.77.252.55 32 wmp None 2021-06-17 00:00:00 2021-09-17 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=55,CN) 122.9.138.252 24 GM None 2021-04-03 00:00:00 2021-07-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=252,HK) 122.9.146.72 24 EE None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 HR Web Attack (IP=72,HK) 122.9.150.233 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Rpt (IP=233,HK) 122.9.160.189 24 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=189,HK) 122.9.41.55 24 AR None 2021-07-12 00:00:00 2021-10-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 Hr Web Attacks (IP=55,HK) 122.9.44.173 24 AR None 2021-07-10 00:00:00 2021-10-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 Hr Web Attack (IP=173,CN) 122.9.44.73 24 GM None 2020-11-01 00:00:00 2021-02-01 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=73,CN) 122.9.45.139 24 RW None 2021-04-29 00:00:00 
2021-07-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=139,VN) 122.9.69.198 24 ZH None 2021-08-29 00:00:00 2021-11-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web attacks (IP=198,CN) 123.1.161.209 32 NAB None 2021-05-06 00:00:00 2021-11-06 00:00:00 None HIVE Case #5404 TO-S-21-1270 COLS-NA-TIP-21-0144 (IP=209,HK) 123.10.133.103 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=103,CN) 123.10.33.127 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=127,CN) 123.100.226.3 24 RB None 2021-03-01 00:00:00 2021-05-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=3,MY) 123.108.161.60 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=60,KR) 123.108.201.91 24 GM None 2020-10-31 00:00:00 2021-01-31 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=91,IN) 123.108.248.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KH TO-S-2020-0331 Malicious Web Application Activity 123.109.127.53 24 GM None 2021-01-30 00:00:00 2021-04-30 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=53,KR) 123.11.11.101 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=101,CN) 123.11.39.213 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=213,CN) 123.12.245.122 24 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=122,CN) 123.12.6.120 32 wmp None 2021-05-04 00:00:00 2021-08-04 00:00:00 None Palo Alto Suspicious Scan Activity (IP=120,CN) 123.121.155.66 24 DT None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=66,CN) 123.122.162.47 24 RR None 2021-03-11 00:00:00 2021-06-11 00:00:00 None FTP Login Failed - Failed 
Logons (IP=47,CN) | updated by RR Block expiration extended with reason FTP Login Failed - Failed Logons (IP=47,CN) 123.122.179.9 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=9,CN) 123.128.128.205 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=205,CN) 123.128.133.91 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=91,CN) 123.128.236.143 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepwer Suspicious Scan Activity (IP=143,CN) 123.129.2.28 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=28,CN) 123.129.217.182 24 GM None 2020-10-31 00:00:00 2021-01-31 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=182,CN) 123.129.84.36 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=36,CN) 123.130.166.151 24 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepwer Suspicious Scan Activity (IP=151,CN) 123.130.211.159 24 SW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks(IP=159,CN) 123.130.38.57 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=57,CN) 123.130.61.210 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=210,CN) 123.130.77.225 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=225,CN) 123.131.186.250 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=250,CN) 123.132.219.147 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=147,CN) 123.136.195.206 24 RW None 2021-04-09 00:00:00 2021-07-09 00:00:00 None INDICATOR-SCAN SSH brute force login 
attempt - Sourcefire (IP=206,IN) 123.14.114.227 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=227,CN) 123.14.199.130 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=130,CN) 123.140.238.40 24 RKM None 2020-08-10 00:00:00 2021-11-08 00:00:00 None HIVE Case #3529 IOC_PowerShell EMPIRE and PowerShell EMPYRE Samples and C&C Infrastructure (IP=40,KR) 123.159.113.52 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=52,CN) 123.159.125.229 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=229,CN) 123.160.221.25 32 wmp None 2021-04-17 00:00:00 2021-07-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=25,CN) 123.160.221.27 32 wmp None 2021-04-26 00:00:00 2021-07-26 00:00:00 None Palo Alto Suspicious Scan Activity (IP=27,CN) 123.160.221.7 32 wmp None 2021-06-29 00:00:00 2021-09-29 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=7,CN) 123.172.49.73 24 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None HTTP: php.cgi Buffer Overflow - Web Attacks (IP=73,CN) 123.172.81.234 24 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=234,CN) 123.188.255.60 24 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=60,CN) 123.189.75.230 24 UA None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell - Exploit - Web Attacks (IP=230,CN) 123.191.164.92 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=92,CN) 123.192.232.0 22 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,TW) 123.193.224.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,TW) 123.194.18.151 32 dbc None 2020-11-03 00:00:00 
2021-11-03 00:00:00 None TW Hive Case 4237 TO-S-2021-0910 Malware Activity 123.194.20.91 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=91,TW) 123.194.22.76 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 123.194.52.79 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=79,TW) 123.195.21.158 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=158,TW) 123.195.98.141 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=141,TW) 123.200.6.58 24 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=58,BD) 123.201.140.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 123.202.194.67 24 WR None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Sourcefire Report (IP=67,HK) 123.205.112.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 123.205.80.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TW TO-S-2020-0298 Malicious Email Activity 123.206.203.71 24 RR None 2020-12-04 00:00:00 2021-03-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=71,CN) 123.206.255.39 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=39,CN) 123.207.137.22 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=22,CN) 123.207.137.22 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=22,CN) 123.207.151.66 24 DT None 2020-10-21 00:00:00 2021-01-21 00:00:00 None 
SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=66,CN) 123.207.201.105 24 KH None 2021-07-06 00:00:00 2021-10-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 hr web attacks (IP=105,CN) 123.207.214.174 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=174,CN) 123.207.222.213 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=213,CN) 123.219.209.86 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None JP TO-S-2020-0303 Malicious Email Activity 123.22.161.248 24 RT None 2021-07-16 00:00:00 2021-10-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6HR Failed Logons (IP=248,VN) 123.231.124.73 24 BMP None 2021-02-11 00:00:00 2021-05-11 00:00:00 None SQL injection - 6 HR Web Attacks (IP=73,LK) 123.231.184.0 24 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=0,ID) 123.231.199.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malware Activity 123.231.210.0 24 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None ID TO-S-2021-1007 Malware Activity 123.231.224.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 123.231.240.0 20 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None ID TO-S-2020-0805 Malicious Web Application Activity 123.233.152.249 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=249,CN) 123.234.168.174 24 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=174,CN) 123.234.184.57 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=57,CN) 123.235.120.142 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=142,CN) 123.235.187.135 24 WR None 2021-06-23 00:00:00 2021-09-21 
00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Sourcefire Report (IP=135,CN) 123.245.10.97 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=97,CN) 123.25.240.123 24 BB None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=123,CN) 123.252.222.226 24 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=226,IN) 123.27.26.244 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt_Sourcefire (IP=244,VN) 123.28.73.55 24 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepwer Suspicious Scan Activity (IP=55,VN) 123.4.248.174 24 FT None 2020-10-05 00:00:00 2021-01-05 00:00:00 None SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt - SourceFire (IP=174,CN) 123.4.79.48 24 GM None 2021-01-26 00:00:00 2021-04-26 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=48,CN) 123.5.116.110 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=110,CN) 123.5.140.90 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=90,CN) 123.5.15.57 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks(IP=57, CN) 123.5.5.242 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=242,CN) 123.51.239.121 24 RW None 2020-11-22 00:00:00 2021-02-22 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - Sourcefire (IP=121,TW) 123.56.1.226 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=226,CN) 123.56.133.182 32 srm None 2021-02-05 00:00:00 
2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=182,CN) 123.56.170.247 24 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web attacks (IP=247,CN) 123.56.2.135 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=135,CN) 123.56.222.65 24 AR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attack (IP= 65,CN) 123.56.234.0 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=0,CN) 123.56.69.2 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=2,CN) 123.56.93.156 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=156,CN) 123.58.209.89 32 wmp None 2021-06-22 00:00:00 2021-09-22 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=89,HK) 123.58.210.35 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=35,HK) 123.58.242.2 24 FT None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=2,CN) 123.58.4.233 24 RR None 2021-05-14 00:00:00 2021-08-12 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=233,CN) 123.58.4.233 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=233,CN) 123.58.4.233 24 RB None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=233,CN) 123.60.0.73 24 RR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=73,HK) 123.60.18.58 24 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attack (IP=58,CN) 123.60.30.72 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 
None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=72,HK) 123.60.47.174 24 SW None 2021-09-06 00:00:00 2021-12-05 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=174,CN) 123.60.6.77 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=77,HK) 123.63.93.242 24 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=242 IN) 123.8.28.186 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=186,CN) 123.8.32.51 24 SW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks(IP=51,CN) 123.9.197.228 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=228,CN) 123.9.97.143 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=143,CN) 123.97.157.47 24 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=47,CN) 124.105.102.249 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=249,PH) 124.105.105.222 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=222,PH) 124.105.192.0 19 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,PH) 124.105.224.0 19 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None PH TO-S-2021-0989 Hive Case # 4493 Malware Activity 124.105.32.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None PH TO-S-2021-0876 Hive Case 4166 Malware Activity 124.106.81.205 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email 
Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 124.106.92.226 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 124.107.11.115 24 GM None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=115,PH) 124.107.124.210 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=210,PH) 124.107.245.229 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PH Hive Case 4237 TO-S-2021-0910 Malware Activity 124.107.47.203 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 124.107.71.63 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PH Hive Case 4237 TO-S-2021-0910 Malware Activity 124.112.88.11 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=11,CN) 124.112.89.165 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=165,CN) 124.112.90.57 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=57,CN) 124.112.91.120 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=120,CN) 124.119.135.74 24 GM None 2021-01-30 00:00:00 2021-04-30 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=74,CN) 124.123.184.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 124.123.40.0 21 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None IN TO-S-2021-0949 Hive Case 4363 Malware Activity 124.127.102.1 24 DT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=1,CN) 124.127.75.2 24 GM None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability 
(CVE-2017-9841) - Web Attacks (IP=2,CN) 124.129.199.177 24 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=177,CN) 124.129.221.150 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=150,CN) 124.130.40.31 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=31,CN) 124.131.116.45 24 RW None 2020-10-03 00:00:00 2021-01-03 00:00:00 None Malicious IP - Fireeye NX (IP=45,CN) 124.131.117.51 24 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepwer Suspicious Scan Activity (IP=51,CN) 124.131.130.137 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=137,CN) 124.131.131.105 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=105,CN) 124.131.21.137 24 FT None 2020-10-19 00:00:00 2021-01-19 00:00:00 None APP-DETECT SSH server detected on non-standard port (1:13586:5) - SourceFire (IP=137,CN) 124.131.54.33 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=33,CN) 124.132.110.150 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=150,CN) 124.132.7.220 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=220,CN) 124.135.71.64 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=64,CN) 124.145.128.44 24 Rw None 2021-05-10 00:00:00 2021-08-10 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=44,JP) 124.146.62.207 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=207,KR) 124.150.83.14 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None AU TO-S-2020-0303 Malicious Email Activity 124.156.178.58 24 FT None 2020-10-24 00:00:00 2021-01-24 00:00:00 None HTTP: 
ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=58,HK) 124.156.18.58 24 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=58,IN) 124.156.183.97 24 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=97,HK) 124.156.183.97 24 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=97 HK) 124.156.192.221 24 RT None 2021-06-04 00:00:00 2021-09-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) -Sourcefire Report (IP=221,SG) 124.156.197.29 24 SW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=29,SG) 124.156.198.92 24 CR None 2019-06-18 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=92,SG) | updated by DT Block was inactive. Reactivated on 20210624 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - So 124.156.200.106 24 GM None 2019-06-17 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=106,CN) | updated by GM with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - 20C00652 (IP=56,US) | updated by CR Block was inactive. Reacti 124.156.200.106 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=106,CN) | updated by GM with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - 20C00652 (IP=56,US) | updated by CR Block was inactive. 
Reacti 124.156.204.178 24 RT None 2021-06-23 00:00:00 2021-09-21 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=178,SG) 124.156.208.90 24 RB None 2019-06-14 00:00:00 2021-09-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_SourceFire (IP=90,JP) | updated by RT Block was inactive. Reactivated on 20210608 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sour 124.156.210.250 24 WR None 2021-06-23 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=250,JP) | updated by ZH Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - S 124.156.210.250 24 ZH None 2021-06-24 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=250,JP) | updated by ZH Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - S 124.156.211.97 24 RB None 2019-06-14 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_SourceFire (IP=97,JP) | updated by RB with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=107,JP) | 2020-01-03 | 2019-09-12 | updated b 124.156.218.232 24 CR None 2019-06-14 00:00:00 2021-09-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt- SourceFire (IP=232,SG) | updated by BMP Block was inactive. 
Reactivated on 20210608 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - S 124.156.240.215 24 CR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=215,TH) 124.156.241.236 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=236,TH) 124.156.241.237 24 UA None 2021-05-18 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=237,TH) 124.156.244.21 24 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=21,TH) 124.156.245.194 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=194,TH) 124.156.50.108 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt _Sourcefire (IP=108,IN) 124.156.51.16 24 CR None 2019-10-14 00:00:00 2021-08-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=16,SG) | updated by PS Block was inactive. 
Reactivated on 20210526 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (1:4278 124.156.54.190 24 SW None 2021-05-19 00:00:00 2021-08-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=190,IN) 124.156.54.209 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=209,IN) 124.156.55.172 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=172,IN) 124.156.55.214 24 AR None 2021-05-25 00:00:00 2021-08-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report(IP=214,IN) 124.156.55.244 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=244,IN) 124.156.55.36 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=36,IN) 124.156.55.99 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=99,IN) 124.156.62.15 24 SW None 2021-05-20 00:00:00 2021-08-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt SourceFire (IP=15,IN) 124.156.63.188 24 RB None 2019-10-13 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=188 IN) | updated by CR Block was inactive. 
Reactivated on 20210513 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=18 124.156.64.22 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt _Sourcefire (IP=22,IN) 124.158.160.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 124.158.96.90 24 WR None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Sourcefire Report (IP=90,MN) 124.163.154.237 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=237,CN) 124.163.72.102 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=102,CN) 124.164.238.47 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=47,CN) 124.172.241.45 24 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=241,CN) 124.176.110.146 24 RW None 2020-11-21 00:00:00 2021-02-21 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=146,AU) 124.178.232.180 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None AU TO-S-2021-0941 Hive Case 4361 Malicious Web Application Activity 124.186.98.183 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None AU TO-S-2020-0459 Malware Activity 124.187.111.118 24 GM None 2021-01-02 00:00:00 2021-04-02 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=118,AU) 124.187.111.139 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AU TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 124.187.245.53 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 124.189.15.240 24 GM None 2020-10-29 00:00:00 
2021-01-29 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=240,AU) 124.189.47.28 24 GM None 2020-11-01 00:00:00 2021-02-01 00:00:00 None SERVER-WEBAPP Zyxel NAS devices command injection attempt - Sourcefire (IP=28,AU) 124.195.190.171 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=171,KR) 124.198.82.6 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 124.205.183.36 24 RT None 2021-05-25 00:00:00 2021-08-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks(IP=36,CN) 124.219.104.0 22 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None TW TO-S-2020-0838 Malicious Web Application Activity 124.244.12.242 24 RR None 2020-12-01 00:00:00 2021-03-01 00:00:00 None SSH2 Failed Login Attempt - Failed Logon (IP=242,HK) 124.244.12.242 24 RR None 2020-12-01 00:00:00 2021-03-01 00:00:00 None SSH2 Failed Login Attempt - Failed Logon (IP=242,HK) 124.248.160.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 124.251.112.36 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks(IP=36,CN) 124.253.196.156 24 RR None 2021-07-29 00:00:00 2021-10-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=156,IN) 124.255.20.145 24 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=145,JP) 124.42.41.15 32 RB None 2021-02-22 00:00:00 2021-05-23 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=15,CN) 124.43.23.225 24 BMP None 2021-03-18 00:00:00 2021-06-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=225,LK) 124.43.5.50 24 BB None 2021-08-01 00:00:00 2021-10-30 00:00:00 None INDICATOR-SCAN SSH brute force 
login attempt (1:19559:13) - SourceFire (IP=50,LK) 124.5.74.161 24 GM None 2020-11-12 00:00:00 2021-02-12 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=161,KR) 124.6.184.0 21 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,PH) 124.62.159.2 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malicious Web Application Activity 124.66.189.195 24 RW None 2021-05-07 00:00:00 2021-08-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web attacks (IP=195,KR) 124.70.104.118 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=118,CN) 124.70.107.198 24 BB None 2021-08-12 00:00:00 2021-11-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=198,CN) 124.70.143.149 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=149,CN) 124.70.143.149 24 RB None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=149,CN) 124.70.151.48 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=22,CN) 124.70.161.23 24 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) -SourceFire (IP=23,CN) 124.70.178.148 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=148,CN) 124.70.185.9 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=9,CN) 124.70.187.83 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6HR Web Attack (IP=83,CN) 124.70.192.62 24 UA None 2021-07-11 00:00:00 2021-10-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 Hr Web Attack 
(IP=80,CN) 124.70.205.37 24 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (1:49377:1) - SoureFire (IP=37,CN) 124.70.215.61 24 RR None 2020-12-14 00:00:00 2021-03-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=61,CN) 124.70.22.4 24 RR None 2021-05-14 00:00:00 2021-08-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=4,CN) 124.70.25.98 24 KD None 2021-06-14 00:00:00 2021-09-13 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=98,CN) 124.70.27.137 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=137,CN) 124.70.33.191 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=191,CN) 124.70.42.30 24 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=30,CN) 124.70.51.76 32 AR None 2021-09-28 00:00:00 2021-12-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01976 (IP=76,US) 124.71.107.9 24 BMP None 2021-05-06 00:00:00 2021-08-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=9,CN) 124.71.112.216 24 AR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=216,CN) 124.71.134.109 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=109,CN) 124.71.157.33 24 UA None 2021-05-20 00:00:00 2021-08-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=33,CN) 124.71.170.105 24 KD None 2021-06-15 00:00:00 2021-09-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=105,CN) 
124.71.203.74 24 ZH None 2021-09-15 00:00:00 2021-12-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01854 (IP=74,CN)
124.71.226.146 24 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6HR Web Attack (IP=146,CN)
124.71.228.249 24 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=249,CN)
124.71.231.17 24 ZH None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Rpt (IP=17,CN)
124.71.232.179 32 AR None 2021-09-08 00:00:00 2021-12-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT#21C01777 (IP=179,US)
124.71.234.206 24 BMP None 2021-06-10 00:00:00 2021-09-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=206,CN)
124.71.28.189 24 DT None 2021-09-12 00:00:00 2021-12-11 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=189,CN)
124.71.29.33 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=33,CN)
124.71.31.119 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web attacks (IP=119,CN)
124.74.246.230 24 EE None 2020-11-27 00:00:00 2021-02-27 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=230,CN)
124.79.94.164 24 BMP None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=164,CN)
124.81.96.69 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=69,ID)
124.82.127.164 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MY TO-S-2020-0298 Malicious Email Activity
124.82.52.181 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
124.82.96.114 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
124.83.98.238 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=238,PH)
125.1.55.191 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=191,JP)
125.107.60.99 24 RW None 2021-04-17 00:00:00 2021-07-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web attacks (IP=99,CN)
125.120.52.210 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=210,CN)
125.124.14.112 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=112,CN)
125.124.39.244 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=244,CN)
125.124.79.251 24 FT None 2020-11-12 00:00:00 2021-02-12 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=251,CN)
125.127.124.95 24 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=95,CN)
125.143.58.236 32 FT None 2020-10-03 00:00:00 2021-01-03 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability
125.160.66.252 24 RB None 2020-10-13 00:00:00 2021-01-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=252,ID)
125.160.66.252 24 RB None 2020-10-13 00:00:00 2021-01-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=252,ID)
125.160.77.160 24 RR None 2021-03-06 00:00:00 2021-06-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=160,ID)
125.161.51.5 24 RW None 2021-04-18 00:00:00 2021-07-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web attacks (IP=5,ID)
125.162.182.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
125.162.212.236 24 BMP None 2021-01-28 00:00:00 2021-04-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=236,ID)
125.162.213.128 24 UA None 2021-05-27 00:00:00 2021-08-25 00:00:00 None SQL injection - 6hr Web Attacks (IP=128,ID)
125.163.108.216 24 RB None 2021-06-13 00:00:00 2021-09-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=247,CN)
125.163.22.46 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code ExecutionVulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=46,ID)
125.163.3.27 24 CR None 2021-04-29 00:00:00 2021-07-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt _Failed Logon Report (IP=27,ID)
125.164.168.152 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity
125.164.174.20 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity
125.164.48.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malware Activity
125.165.106.169 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity
125.165.106.197 24 RB None 2020-12-13 00:00:00 2021-12-13 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr failed logon (IP=197,ID)
125.165.134.169 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity
125.165.176.0 21 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None ID Hive Case 4237 TO-S-2021-0910 Malware Activity
125.165.186.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malware Activity
125.165.32.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ID)
125.168.10.234 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=234,AU)
125.189.160.118 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KR TO-S-2020-0303 Malicious Email Activity
125.209.192.0 18 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None CN TO-S-2020-0592 Malware Activity
125.209.235.168 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None KR TO-S-2020-0592 Malware Activity
125.21.227.6 24 DT None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=6,CN)
125.212.129.26 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=26,VN)
125.212.159.223 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
125.212.207.80 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None VN TO-S-2020-0228 Malicious Email Activity
125.212.240.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
125.213.128.0 19 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case # 4493 Malware Activity
125.24.64.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malware Activity
125.24.64.82 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity
125.25.102.194 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=194,TH)
125.25.111.53 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity
125.25.160.0 19 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None TH TO-S-2021-0941 Hive Case 4361 Malware Activity
125.25.64.0 19 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TH Hive Case 4237 TO-S-2021-0910 Malware Activity
125.25.89.92 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TH TO-S-2020-0303 Malicious Email Activity
125.26.161.50 24 RB None 2020-11-16 00:00:00 2021-02-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=50,TH)
125.26.192.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malware Activity
125.26.23.10 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
125.26.234.109 24 KD None 2021-06-08 00:00:00 2021-09-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13)- Web Attacks (IP=109,TH)
125.26.8.157 24 RW None 2021-04-23 00:00:00 2021-07-23 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=157,TH)
125.26.98.125 24 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 HR Failed Logons (IP=125,TH)
125.27.20.0 22 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,TH)
125.27.250.31 24 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=31,TH)
125.27.97.76 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity
125.35.118.6 24 RB None 2021-03-24 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attack (IP=6,CN) | updated by RW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=6,CN)
125.39.153.142 24 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=142,CN)
125.40.113.66 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=66,CN)
125.40.74.153 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=153,CN)
125.40.74.185 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=185,CN)
125.41.137.239 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=239,CN)
125.41.207.165 24 GM None 2020-11-20 00:00:00 2021-02-20 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=165,CN)
125.41.226.247 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None Palo Alto Suspicious Scan Activity (IP=247,CN)
125.41.3.231 24 GM None 2020-11-12 00:00:00 2021-02-12 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=231,CN)
125.41.6.126 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None Palo Alto Suspicious Scan Activity (IP=126,CN)
125.41.76.244 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=244,CN)
125.41.76.255 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=255,CN)
125.41.81.84 24 RB None 2021-03-02 00:00:00 2021-05-31 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=84,CN)
125.42.124.231 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=231,CN)
125.42.30.15 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=15,CN)
125.42.99.217 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=217,CN)
125.43.101.47 32 wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None Palo Alto Suspicious Scan Activity (IP=47,CN)
125.43.11.111 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=111,CN)
125.43.112.123 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=123,CN)
125.43.112.182 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=182,CN)
125.43.24.19 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=19,CN)
125.43.57.70 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (1:46624:2) - Sourcefire (IP=70,CN)
125.43.8.66 24 BB None 2021-07-13 00:00:00 2021-10-11 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=66,CN)
125.44.10.125 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=125,CN)
125.44.169.124 24 FT None 2020-10-04 00:00:00 2021-01-04 00:00:00 None SSH_EVENT_RESPOVERFLOW (128:1:2) - SourceFire (IP=244,CN)
125.44.172.92 24 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=92,CN)
125.44.232.190 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=190,CN)
125.44.234.113 24 GM None 2021-01-26 00:00:00 2021-04-26 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=113,CN)
125.44.55.170 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=170,CN)
125.45.40.46 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (1:46624:2) - Sourcefire (IP=46,CN)
125.45.65.11 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None Palo Alto Suspicious Scan Activity (IP=11,CN)
125.45.67.119 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=119,CN)
125.45.97.84 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=84,CN)
125.46.206.160 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=160,CN)
125.47.202.200 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=200,CN)
125.47.248.135 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=135,CN)
125.47.250.98 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=98,CN)
125.47.74.96 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None Palo Alto Suspicious Scan Activity (IP=96,CN)
125.58.253.109 24 KD None 2021-06-07 00:00:00 2021-09-06 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt- Web Attacks (IP=109,CN)
125.63.107.154 24 SW None 2021-08-20 00:00:00 2021-11-18 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=154, IN)
125.65.42.25 24 BMP None 2020-10-01 00:00:00 2021-01-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=25,CN)
125.65.94.122 24 RB None 2020-10-22 00:00:00 2021-01-20 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=54,CN)
125.69.24.87 24 KH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=87,CN)
125.72.96.242 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=242,CN)
125.74.197.100 24 FT None 2020-11-09 00:00:00 2021-02-10 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=100,CN) | updated by GM Block expiration extended with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=100,CN)
125.74.48.85 24 EE None 2020-12-15 00:00:00 2021-03-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 Hr Web Attacks (IP=85,CN)
125.74.8.51 24 RW None 2021-02-04 00:00:00 2021-05-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web attacks (IP=51,CN)
125.75.150.19 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=19,CN)
125.77.188.204 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=204,CN)
125.77.25.119 24 BMP None 2020-12-24 00:00:00 2021-03-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=119,CN)
125.82.34.183 24 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=183,CN)
125.82.36.141 24 GM None 2020-11-22 00:00:00 2021-02-22 00:00:00 None Generic URI Injection wget Attempt - FireEye (IP=141,CN)
125.85.167.151 24 RB None 2021-05-23 00:00:00 2021-08-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=151,CN)
125.89.95.139 24 FT None 2021-03-19 00:00:00 2021-06-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=139,CN)
126.78.199.104 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None JP TO-S-2020-0698 Malware Activity
126.82.24.78 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None JP TO-S-2020-0303 Malicious Email Activity
128.0.183.226 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=226,CZ)
128.1.248.26 32 KH None 2021-07-16 00:00:00 2021-12-31 00:00:00 None Suspicious Telerik UI Request - FE IPS (IP=26,US) | updated by AR Block expiration extended with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 22C00013 (IP=26,US)
128.1.248.42 32 RB None 2021-05-14 00:00:00 2021-08-12 00:00:00 None HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 21C01171 (IP=42,US)
128.106.136.112 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=112,SG)
128.106.166.8 24 RW None 2020-11-30 00:00:00 2021-03-02 00:00:00 None SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt - Sourcefire (IP=8,SG)
128.106.223.10 24 EE None 2021-02-12 00:00:00 2021-05-12 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - 6 HR Web Attack (IP=10,SG)
128.107.253.175 32 GM None 2020-12-20 00:00:00 2021-03-20 00:00:00 None Masscan TCP Port Scanner - FireEye CMS (IP=175,US)
128.127.220.213 24 EE None 2021-04-19 00:00:00 2021-07-18 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=213,SA)
128.127.64.144 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=144,DE)
128.14.11.202 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
128.14.134.134 32 KH None 2021-07-16 00:00:00 2021-10-14 00:00:00 None SERVER-IIS Microsoft IIS Range header integer overflow attempt - Sourcefire (IP=134,US) | updated by KH Block was inactive. Reactivated on 20210716 with reason Suspicious Telerik UI Request - FE IPS (IP=134,US) Suspicious Telerik UI Request - FE IPS (IP=134,US)
128.14.134.134 32 RW None 2020-01-07 00:00:00 2021-10-14 00:00:00 None SERVER-IIS Microsoft IIS Range header integer overflow attempt - Sourcefire (IP=134,US) | updated by KH Block was inactive. Reactivated on 20210716 with reason Suspicious Telerik UI Request - FE IPS (IP=134,US) Suspicious Telerik UI Request - FE IPS (IP=134,US)
128.14.134.134 32 dbc None 2020-02-14 00:00:00 2021-10-14 00:00:00 None SERVER-IIS Microsoft IIS Range header integer overflow attempt - Sourcefire (IP=134,US) | updated by KH Block was inactive. Reactivated on 20210716 with reason Suspicious Telerik UI Request - FE IPS (IP=134,US) Suspicious Telerik UI Request - FE IPS (IP=134,US)
128.14.136.78 32 KH None 2021-07-22 00:00:00 2021-10-20 00:00:00 None US TO-S-2020-0298 Malicious Email Activity | updated by KH Block was inactive. Reactivated on 20210722 with reason SSLv2 Client Hello Request Detected - FE IPS (IP=78,US) SSLv2 Client Hello Request Detected - FE IPS (IP=78,US)
128.14.136.78 32 dbc None 2020-02-14 00:00:00 2021-10-20 00:00:00 None US TO-S-2020-0298 Malicious Email Activity | updated by KH Block was inactive. Reactivated on 20210722 with reason SSLv2 Client Hello Request Detected - FE IPS (IP=78,US) SSLv2 Client Hello Request Detected - FE IPS (IP=78,US)
128.14.141.102 32 RB None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Unauthorized Access-Probe - TT# 21C01173 (IP=102,US)
128.14.141.42 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=42,US)
128.14.209.178 32 CR None 2019-07-18 00:00:00 2021-02-14 00:00:00 None SERVER-IIS Microsoft IIS Range header integer overflow attempt - Sourcefire (IP=178,US) | updated by dbc Block was inactive. Reactivated on 20200214 with reason US TO-S-2020-0298 Malicious Email Activity
128.14.211.194 32 RW None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 21C01102 (IP=194,US)
128.14.227.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TW Hive Case 4237 TO-S-2021-0910 Malware Activity
128.14.25.118 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
128.140.192.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity
128.140.220.130 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
128.189.117.185 24 SW None 2021-09-13 00:00:00 2021-12-12 00:00:00 None ColdFusion Error Reporting TT# 21C01838 (IP=185,CA)
128.199.10.207 32 RB None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=207,US)
128.199.10.47 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr failed logons (IP=47,SG)
128.199.111.156 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity
128.199.112.60 24 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=60,SG)
128.199.114.234 24 GM None 2020-11-05 00:00:00 2021-02-05 00:00:00 None FTP Login Failed - Failed Logons (IP=234,SG)
128.199.115.70 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks(IP=70,SG)
128.199.116.10 32 RW None 2020-11-22 00:00:00 2021-02-22 00:00:00 None RADFORD_2_IPS Signature: Attempted Access Inbound Brute Force - TT# 21C00252 (IP=10,US)
128.199.119.198 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=198,SG)
128.199.12.247 32 ZH None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SQL injection - Web Attack Report (IP=247,US)
128.199.122.176 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=176,SG)
128.199.122.191 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=191,SG)
128.199.123.239 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=239,SG)
128.199.128.248 24 EE None 2021-03-12 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=248,SG)
128.199.130.175 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=175,SG)
128.199.133.70 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity
128.199.135.117 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=117,SG)
128.199.139.15 24 BB None 2021-08-19 00:00:00 2021-11-17 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=15,SG)
128.199.142.71 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SG TO-S-2020-0298 Malware Activity
128.199.144.122 24 RW None 2021-05-09 00:00:00 2021-08-09 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=122,SG)
128.199.146.130 24 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=130,SG)
128.199.148.230 24 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=230,SG)
128.199.15.228 32 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=228,US)
128.199.151.128 24 CR None 2021-05-04 00:00:00 2021-08-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=128,SG)
128.199.157.63 24 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=63,SG)
128.199.157.63 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=63,SG)
128.199.160.49 24 RB None 2021-05-14 00:00:00 2021-08-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=49,SG) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=49,SG) HTTP: ThinkPHP CMS Getshell Vulnerab
128.199.160.49 24 EE None 2021-03-27 00:00:00 2021-08-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=49,SG) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=49,SG) HTTP: ThinkPHP CMS Getshell Vulnerab
128.199.161.54 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None SG TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
128.199.161.54 32 NAB None 2020-11-09 00:00:00 2021-02-07 00:00:00 None HIVE Case #4283 COLS-NA-TIP-20-0346 (IP=54,SG)
128.199.164.114 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=114,SG)
128.199.166.79 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=79,SG)
128.199.176.111 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=111,SG)
128.199.178.104 24 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=104,SG)
128.199.179.161 24 BMP None 2021-05-03 00:00:00 2021-08-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=161,SG)
128.199.179.161 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan Activity (IP=161,SG)
128.199.18.246 24 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (1:54573:2) - Sourcefire Rpt (IP=246,IN)
128.199.183.75 24 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=75,SG)
128.199.188.244 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Sourcefire (IP=244,SG)
128.199.188.244 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=244,SG)
128.199.19.241 24 BMP None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=241,SG)
128.199.191.76 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan Activity (IP=76,SG)
128.199.191.81 24 CR None 2021-05-05 00:00:00 2021-08-05 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - FirePower report (IP=81,SG)
128.199.194.41 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=41,SG)
128.199.195.231 24 BMP None 2020-12-15 00:00:00 2021-03-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=231,SG)
128.199.196.217 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=217,SG)
128.199.196.217 32 BB None 2021-09-19 00:00:00 2021-12-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01894 (IP=217, US)
128.199.20.177 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=177,IN)
128.199.20.29 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SQL injection - 6HR Web Attack (IP=29,IN)
128.199.20.72 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=72,IN)
128.199.203.155 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=155,SG)
128.199.204.241 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=241,SG)
128.199.205.217 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=217,SG)
128.199.208.8 32 BMP None 2021-05-03 00:00:00 2021-08-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=8,US)
128.199.21.136 24 BMP None 2021-01-11 00:00:00 2021-04-11 00:00:00 None Backdoor.TROCHILUS - Hive Case 4744 (IP=136,IN)
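The rows above are a flattened export: each record is an address, a prefix length, the analyst's initials, a literal None, the block's start and end timestamps, another None, and a free-text reason that runs until the next address. The parser and sanity checks below are an added example, not tooling from this page or from the team that produced the list. The column meaning is inferred from the rows and is an assumption; the sample input is a handful of records copied from this list, run together the way the export presents them. The checks flag reasons whose (IP=n,CC) tag disagrees with the blocked address (124.70.151.48 above carries IP=22), rows already covered by a wider prefix, exact duplicates, and collapse the rows active on a given date into the minimal set of prefixes to push to a firewall.

```python
"""Parser and sanity checks for a flattened IP block-list export.

Added example, not the page's own tooling. Column layout is inferred from
the rows on the page and is an assumption:
  <ip> <prefixlen> <analyst> None <start> <end> None <free-text reason ...>
with consecutive records run together on one line.
"""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: six records copied from the list, concatenated as the
# export presents them (the trailing space is the only record separator).
SAMPLE = (
    "124.70.151.48 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None "
    "HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=22,CN) "
    "124.70.161.23 24 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None "
    "SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) -SourceFire (IP=23,CN) "
    "128.14.134.134 32 KH None 2021-07-16 00:00:00 2021-10-14 00:00:00 None "
    "SERVER-IIS Microsoft IIS Range header integer overflow attempt - Sourcefire (IP=134,US) | updated by KH Block was inactive. "
    "Reactivated on 20210716 with reason Suspicious Telerik UI Request - FE IPS (IP=134,US) "
    "128.14.134.134 32 dbc None 2020-02-14 00:00:00 2021-10-14 00:00:00 None "
    "SERVER-IIS Microsoft IIS Range header integer overflow attempt - Sourcefire (IP=134,US) "
    "125.24.64.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malware Activity "
    "125.24.64.82 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity"
)

# A record header: dotted quad, prefix length, analyst tag, literal "None",
# two timestamps, literal "None". The reason is everything up to the next header.
HEADER = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<plen>\d{1,2}) (?P<analyst>\S+) None "
    r"(?P<start>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<end>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) None "
)
TS = "%Y-%m-%d %H:%M:%S"
# "(IP=<last octet>,<country>)" tag analysts append to the reason; the space
# variant "(IP=154, IN)" also occurs on the page.
IP_TAG = re.compile(r"\(IP=(\d+),\s*([A-Z]{2})\)")
AS_OF = datetime(2021, 8, 1)  # reference date for the active/collapse checks


@dataclass
class Record:
    host: ipaddress.IPv4Address  # address exactly as written in the export
    prefixlen: int
    analyst: str
    start: datetime
    end: datetime
    reason: str

    @property
    def network(self) -> ipaddress.IPv4Network:
        # strict=False: "124.70.151.48 24" means the whole 124.70.151.0/24
        return ipaddress.ip_network(f"{self.host}/{self.prefixlen}", strict=False)


def parse_records(text):
    """Split a run-together export into Records; reason = text between headers."""
    heads = list(HEADER.finditer(text))
    out = []
    for i, m in enumerate(heads):
        stop = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        out.append(Record(
            host=ipaddress.IPv4Address(m["ip"]),
            prefixlen=int(m["plen"]),
            analyst=m["analyst"],
            start=datetime.strptime(m["start"], TS),
            end=datetime.strptime(m["end"], TS),
            reason=text[m.end():stop].strip(),
        ))
    return out


def ip_tag_mismatches(records):
    """Rows whose (IP=n,CC) tag is not the last octet of the blocked host.

    A mismatch usually means the reason was pasted from a different alert,
    so the block may be aimed at the wrong address and deserves a second look.
    """
    bad = []
    for r in records:
        tag = IP_TAG.search(r.reason)
        if tag and int(tag.group(1)) != r.host.packed[-1]:
            bad.append((f"{r.host}/{r.prefixlen}", int(tag.group(1))))
    return bad


def duplicates(records):
    """Networks that appear in more than one row (same prefix, separate entries)."""
    seen, dups = set(), []
    for r in records:
        n = str(r.network)
        if n in seen and n not in dups:
            dups.append(n)
        seen.add(n)
    return dups


def shadowed(records):
    """(narrow, wider) pairs where a row is already covered by a broader block."""
    nets = {r.network for r in records}
    return sorted((str(a), str(b)) for a in nets for b in nets
                  if a != b and a.subnet_of(b))


def active_on(records, when):
    """Rows whose window covers `when` (start inclusive, end exclusive: an assumption)."""
    return [r for r in records if r.start <= when < r.end]


def collapse_active(records, when):
    """Minimal, de-duplicated prefix set to push to a firewall for rows active at `when`."""
    return list(ipaddress.collapse_addresses(r.network for r in active_on(records, when)))


RECORDS = parse_records(SAMPLE)

if __name__ == "__main__":
    print("tag mismatches:", ip_tag_mismatches(RECORDS))
    print("duplicates:", duplicates(RECORDS))
    print("shadowed:", shadowed(RECORDS))
    print("push set on", AS_OF.date(), [str(n) for n in collapse_active(RECORDS, AS_OF)])
```

Because the reason field is free text and has no terminator, the parser relies on the next header to end it; a reason that itself contained a dotted quad followed by a prefix length and analyst tag would be split early, which is why the check functions operate on parsed Records rather than on raw substrings. Whether a block's end timestamp is exclusive or inclusive is not stated on the page, so `active_on` treats it as exclusive and documents that as an assumption.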
128.199.21.137 24 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP Oracle Business Intelligence and XML Publisher XML external entity injection attempt (1:49899:1) - Sourcefire Rpt (IP=137,IN)
128.199.213.49 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=49,SG)
128.199.215.202 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=202,SG)
128.199.218.35 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=35,SG)
128.199.22.178 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (1:54574:2) - SourceFire (IP=178,IN)
128.199.228.60 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SG Hive Case 4187 TO-S-2021-0898 Malware Activity
128.199.23.13 32 GM None 2021-04-16 00:00:00 2021-07-16 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C01030 (IP=13,US)
128.199.23.2 24 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (1:51261:1) - Sourcefire Rpt (IP=2,IN)
128.199.23.243 24 RR None 2021-02-18 00:00:00 2021-05-19 00:00:00 None rConfig SQL Injection Vulnerability - Web Attacks (IP=243,SG)
128.199.24.100 32 wmp None 2021-04-20 00:00:00 2021-07-20 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=100,IN)
128.199.24.127 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt (1:49967:2) - SourceFire (IP=127,IN)
128.199.25.131 32 wmp None 2021-05-06 00:00:00 2021-08-06 00:00:00 None Palo Alto Suspicious Scan Activity (IP=131,IN)
128.199.255.158 32 SW None 2021-08-26 00:00:00 2021-11-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 21C01608
128.199.255.158 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=158,SG)
128.199.26.19 32 FT None 2020-12-17 00:00:00 2021-03-17 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=19,IN)
128.199.27.219 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=219,IN)
128.199.27.71 32 srm None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Firepower Suspicious Scan Activity (IP=71,IN)
128.199.29.146 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None Palo Alto Suspicious Scan Activity (IP=146,IN)
128.199.29.172 24 RB None 2021-07-01 00:00:00 2021-09-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=172,IN)
128.199.29.182 24 GM None 2020-12-20 00:00:00 2021-03-20 00:00:00 None SERVER-WEBAPP Oracle WebLogic Server command injection attempt - Sourcefire (IP=182,IN)
128.199.30.11 24 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt - SourceFire (IP=11,US)
128.199.31.95 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None HTTP Request Brute Force Attack - 6hr Failed Logons (IP=95,SG)
128.199.34.31 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=31,NL)
128.199.44.176 24 RR None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=176,NL)
128.199.48.71 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None NL TO-S-2021-0876 Hive Case 4166 Malware Activity
128.199.5.11 24 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=11,NL)
128.199.56.243 24 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6 hr failed logons (IP=243,NL)
128.199.59.50 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire(IP=50,NL)
128.199.7.44 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=44,SG)
128.199.7.44 32 UA None 2021-05-18 00:00:00 2021-08-16 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=44,US)
128.199.71.76 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=76,SG)
128.199.73.141 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=141,SG)
128.199.74.178 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=178,SG)
128.199.75.87 24 BMP None 2020-06-29 00:00:00 2021-09-29 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - SourceFire (IP=87,SG)
128.199.80.55 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=55,SG)
128.199.89.150 24 GM None 2020-11-05 00:00:00 2021-02-05 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=150,SG)
128.199.91.141 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None SG TO-S-2020-0303 Malicious Email Activity
128.199.92.255 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=255,SG)
128.199.96.220 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=220,SG)
128.199.98.99 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=99,SG)
128.201.175.202 24 RW None 2021-02-27 00:00:00 2021-05-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 hr failed logons (IP=202,BR)
128.201.180.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity
128.204.218.103 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=103,PL)
128.229.4.2 32 ged None 2014-05-06 05:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP handler access (IP=2, US) | updated by GLM Block was inactive. Reactivated on 20210403 with reason Web (HTTP) Attacks (IP=2,US)
128.232.21.75 32 wmp None 2021-06-22 00:00:00 2021-09-22 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=75,GB)
128.70.192.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity
128.90.106.194 24 UA None 2021-09-01 00:00:00 2021-11-30 00:00:00 None SQL injection - 6hr web attacks (IP=194,AR)
128.90.158.183 24 FT None 2020-10-31 00:00:00 2021-01-31 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 21C00207 (IP=183,ES)
128.90.166.82 32 BMP None 2020-11-13 00:00:00 2021-02-11 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection- TT# 21C00231 (IP=82,US)
128.90.21.160 32 FT None 2020-10-30 00:00:00 2021-01-30 00:00:00 None Unauthorized Access-Probe - TT# 21C00197 (IP=160,IS)
129.121.0.31 24 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3)- Source Fire (IP=31,US)
129.121.2.95 32 YM None 2018-06-19 05:00:00 2021-04-23 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=95,US) | updated by dbc Block was inactive.
Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 129.121.33.103 32 wmp None 2020-09-22 00:00:00 2021-10-29 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=103,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 129.121.4.183 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 129.121.49.201 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 129.121.5.216 32 wmp None 2020-07-17 00:00:00 2021-09-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=216,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity 129.132.19.216 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None Unaffiliated TO-S-2020-0322 Malware Activity 129.132.202.13 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None Unaffiliated TO-S-2020-0322 Malware Activity 129.144.32.149 32 GM None 2021-01-14 00:00:00 2021-04-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=149,US) 129.146.101.83 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 129.146.108.9 32 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=9,US) 129.146.158.223 32 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=223,US) 129.146.170.42 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=82,CN) 129.146.181.9 32 GLM None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=9,US) 129.146.193.177 32 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks 
(IP=177,US) 129.146.92.98 32 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=98,US) 129.152.43.85 32 GM None 2020-10-25 00:00:00 2021-01-25 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=85,US) 129.158.122.65 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 129.159.122.158 32 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=158,US) 129.186.238.35 32 BMP None 2021-03-23 00:00:00 2021-06-21 00:00:00 None FILE-OFFICE Microsoft Office Word sprmSDyaTop memory leak attempt (1:39816:6) - SourceFire (IP=35,US) 129.191.21.220 32 AR None 2021-06-14 00:00:00 2021-09-12 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire Report (IP=220,US) 129.204.129.226 24 DT None 2021-02-25 00:00:00 2021-05-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=226,CN) 129.204.184.97 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None srm Firepwer Suspicious Scan Activity (IP=97,CN) 129.204.36.70 24 BMP None 2021-02-20 00:00:00 2021-05-20 00:00:00 None CitrixNetScalerGateway - Hive Case 4969 (IP=70,CN) 129.204.36.70 32 BMP None 2021-02-20 00:00:00 2021-05-20 00:00:00 None CitrixNetScalerGateway - Hive Case 4969 (IP=70,CN) 129.204.72.248 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=248,CN) 129.204.77.236 24 DT None 2020-10-09 00:00:00 2021-06-16 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=236,CN) | updated by RB Block expiration extended with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=236,CN) | updat 129.204.77.236 32 wmp None 2021-02-25 00:00:00 2021-05-25 00:00:00 None FireEye IPS Hello Peppa Scan 
(IP=236,CN) 129.204.8.130 24 DT None 2020-06-12 00:00:00 2021-08-31 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=130,CN) | updated by BMP Block was inactive. Reactivated on 20210602 with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire (IP 129.204.8.130 24 BMP None 2021-06-02 00:00:00 2021-08-31 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=130,CN) | updated by BMP Block was inactive. Reactivated on 20210602 with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire (IP 129.205.112.0 24 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None NG TO-S-2020-0805 Malicious Web Application Activity 129.205.113.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NG TO-S-2020-0298 Malicious Email Activity 129.205.113.1 24 ZH None 2021-08-28 00:00:00 2021-11-26 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed logons (IP=1,NG) 129.205.124.0 24 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None NG TO-S-2020-0805 Malicious Web Application Activity 129.211.125.29 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=29,CN) 129.211.129.166 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=166,CN) 129.211.134.62 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=62,CN) 129.211.164.232 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=232,CN) 129.211.174.106 24 DT None 2021-01-05 00:00:00 2021-04-05 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=106,CN) 129.211.182.118 24 RB None 2021-02-12 00:00:00 2021-05-12 00:00:00 None SERVER-WEBAPP ThinkPHP 
5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=118,CN) 129.211.191.152 24 EE None 2020-12-31 00:00:00 2021-03-31 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=152,CN) 129.211.73.43 24 RW None 2021-02-27 00:00:00 2021-05-27 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=43,CN) 129.211.88.213 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=213,CN) 129.213.114.87 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - 6hr web attacks (IP=87,US) 129.213.147.217 32 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=217,US) 129.213.153.197 32 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=197,US) 129.213.154.213 24 DT None 2020-12-29 00:00:00 2021-03-29 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=5,RU) 129.213.52.132 32 BMP None 2021-05-25 00:00:00 2021-08-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=132,US) 129.213.68.151 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None INDICATOR-COMPROMISE PHP backdoor communication attempt (1:50950:1) - SourceFire (IP=151,US) 129.213.98.180 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=180,CN) 129.213.99.142 32 GM None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=142,US) 129.226.112.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CN Hive Case 4237 TO-S-2021-0910 Malware Activity 129.226.159.148 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None SG Hive Case 4237 
TO-S-2021-0910 Malicious Email Activity 129.226.162.113 24 RT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=113,CN) 129.226.164.29 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=29,HK) 129.226.165.158 24 AR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (1:42785:4) (IP=158,HK) 129.226.167.113 24 AR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=113,HK) 129.226.173.114 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=114,HK) 129.226.177.249 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None SG TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 129.226.178.238 24 ZH None 2021-09-08 00:00:00 2021-12-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Rpt (IP=238,HK) 129.226.179.62 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 129.226.180.144 24 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=144,HK) 129.226.185.210 24 AR None 2021-06-30 00:00:00 2021-09-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=210,HK) 129.226.195.89 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None SG TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 129.226.22.148 24 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure 
attempt - SourceFire (IP=148,IN) 129.226.225.247 24 BMP None 2021-08-05 00:00:00 2021-11-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=247,HK) 129.226.226.94 24 KH None 2021-07-30 00:00:00 2021-10-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=94,HK) 129.226.23.185 24 DT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=185,IN) 129.226.28.147 24 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=147,IN) 129.226.32.73 24 DT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=73,IN) 129.226.33.60 24 BMP None 2021-08-08 00:00:00 2021-11-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=60,IN) 129.226.35.84 24 BMP None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=84,IN) 129.226.38.226 24 AR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=226,IN) 129.226.39.160 24 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=160,IN) 129.226.40.9 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=9,IN) 129.226.56.24 32 KF None 2019-08-19 00:00:00 2021-02-20 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=24,US) | updated by dbc Block 
was inactive. Reactivated on 20200220 with reason SG TO-S-2020-0303 Malicious Email Activity 129.226.71.151 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None SG TO-S-2020-0228 Malicious Email Activity 129.227.190.234 24 DT None 2021-04-24 00:00:00 2021-07-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=234,HK) 129.246.228.52 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 129.28.182.145 24 SW None 2021-07-09 00:00:00 2021-10-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=145,CN) 129.56.71.162 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None NG TO-S-2020-0805 Malicious Web Application Activity 13.124.222.242 24 DT None 2021-01-28 00:00:00 2021-04-28 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=242,KR) 13.124.223.130 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=130,KR) 13.124.28.255 24 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None Django SQL Injection Vulnerability - 6HR Web Attack (IP=255,KR) 13.124.28.255 24 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None Django SQL Injection Vulnerability - 6HR Web Attack (IP=255,KR) 13.124.57.34 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=34,KR) 13.124.82.3 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=3,KR) 13.125.224.83 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=83,KR) 13.210.151.7 24 DT None 2021-04-09 00:00:00 2021-07-08 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=7,AU) 13.212.10.135 24 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 
None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=135,SG) 13.212.120.248 24 KH None 2021-07-26 00:00:00 2021-10-24 00:00:00 None SQL injection - Web Attacks (IP=248,SG) 13.212.190.121 24 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) -SourceFire (IP=121,SG) 13.212.20.214 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code ExecutionVulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=214,US) 13.212.54.210 24 ZH None 2021-06-01 00:00:00 2021-08-30 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Sourcefire Report (IP=210,SG) 13.213.0.252 24 RR None 2021-02-08 00:00:00 2021-05-09 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=252,SP) 13.213.4.242 24 RW None 2021-04-28 00:00:00 2021-07-28 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - POST parameter - SourceFire (IP=242,SG) 13.224.62.21 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None FR TO-S-2020-0592 Malicious Email Activity 13.226.253.121 32 BMP None 2020-06-29 00:00:00 2021-09-29 00:00:00 None Riskware - Hive Case 3177 (IP=121,US) 13.227.45.71 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity 13.227.47.82 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (IP=82, US) 13.229.116.233 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=233,SG) 13.229.128.249 24 EE None 2021-04-07 00:00:00 2021-07-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=249,SG) 13.229.135.195 32 GM None 2020-10-29 00:00:00 2021-01-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=195,US) 13.229.216.27 24 RW None 
2021-05-14 00:00:00 2021-08-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - web attacks (IP=27,SG) 13.229.55.109 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=109,SG) 13.229.55.109 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=109,SG) 13.229.55.109 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=109,SG) 13.231.146.43 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=43,JP) 13.231.152.185 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=185,JP) 13.232.126.108 24 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=108,CN) 13.232.206.166 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=166,IN) 13.232.228.52 24 RR None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=52,IN) 13.232.246.100 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=100,IN) 13.232.25.9 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=9,IN) 13.232.252.252 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None SERVER-WEBAPP JBoss admin-console access - Web Attacks (IP=252,IN) 13.232.94.35 24 RW None 2021-03-06 00:00:00 2021-06-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=35,IN) 13.233.102.76 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 
13.233.105.224 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=224,IN) 13.233.117.222 24 AR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=222,IN) 13.233.121.1 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=1,IN) 13.233.163.99 24 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=99,IN) 13.233.193.98 24 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - Web Attacks (IP=98,IN) 13.233.193.98 24 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - Web Attacks (IP=98,IN) 13.233.50.183 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=183,IN) 13.233.79.235 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=235,IN) 13.234.78.221 24 RR None 2021-06-20 00:00:00 2021-09-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=221,IN) 13.235.127.153 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=153,IN) 13.235.128.218 24 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=218,IN) 13.235.227.231 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 13.235.245.187 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 13.235.41.5 24 FT None 2021-04-06 00:00:00 2021-07-05 00:00:00 None 
HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=5,IN) 13.235.45.95 24 RW None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - Web Attacks (IP=95,IN) 13.244.208.23 24 RR None 2021-06-05 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=23,ZA) 13.244.232.29 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=29,ZA) 13.249.135.81 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=81, US) 13.249.87.17 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 13.249.87.23 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 13.249.87.24 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 13.249.87.69 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 13.249.87.8 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity 13.249.89.111 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 13.250.240.96 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=96,SG) 13.250.64.143 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=143,SG) 13.250.64.143 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=143,SG) 13.250.64.143 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=143,SG) 13.251.1.199 24 EE None 2021-04-20 00:00:00 2021-12-28 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=199,SG) | 
updated by EE Block was inactive. Reactivated on 20210929 with reason HIVE Case #6266 IOC_CVE-2021-22005 (IP=199,SG) HIVE Case #6266 IOC_CVE-2021-22005 (IP=199,SG) 13.251.1.199 24 EE None 2021-04-20 00:00:00 2021-12-28 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=199,SG) | updated by EE Block was inactive. Reactivated on 20210929 with reason HIVE Case #6266 IOC_CVE-2021-22005 (IP=199,SG) HIVE Case #6266 IOC_CVE-2021-22005 (IP=199,SG) 13.251.1.199 24 EE None 2021-04-20 00:00:00 2021-12-28 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=199,SG) | updated by EE Block was inactive. Reactivated on 20210929 with reason HIVE Case #6266 IOC_CVE-2021-22005 (IP=199,SG) HIVE Case #6266 IOC_CVE-2021-22005 (IP=199,SG) 13.251.1.199 24 EE None 2021-09-29 00:00:00 2021-12-28 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=199,SG) | updated by EE Block was inactive. Reactivated on 20210929 with reason HIVE Case #6266 IOC_CVE-2021-22005 (IP=199,SG) HIVE Case #6266 IOC_CVE-2021-22005 (IP=199,SG) 13.251.1.199 24 EE None 2021-09-29 00:00:00 2021-12-28 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=199,SG) 13.32.199.109 32 ZH None 2021-08-10 00:00:00 2021-11-08 00:00:00 None INDICATOR-OBFUSCATION obfuscated javascript excessive fromCharCode - IR# 21C01542 (IP=109,US) 13.32.199.124 32 DT None 2021-08-13 00:00:00 2021-11-11 00:00:00 None INDICATOR-OBFUSCATION obfuscated javascript excessive - TT# 21C01553 13.32.199.69 32 AR None 2021-08-22 00:00:00 2021-11-20 00:00:00 None INDICATOR-OBFUSCATION obfuscated javascript excessive fromCharCode - potential attack - TT# 21C01586 (IP=69,US) 13.32.199.94 32 ZH None 2021-07-28 00:00:00 2021-10-26 00:00:00 None INDICATOR-OBFUSCATION obfuscated javascript excessive - TT# 21C01494 (IP=94,US) 13.36.177.86 32 BB None 2021-06-15 00:00:00 2021-09-14 00:00:00 None Unauthorized Access-Probe - TT# 21C01296 - (IP=86, US) 13.49.159.51 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution 
Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=51,SE) 13.52.221.227 32 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=227,US) 13.53.208.18 24 BMP None 2021-04-18 00:00:00 2021-07-18 00:00:00 None FTP Login Failed - 6hr Failed Logons 13.53.64.97 24 EE None 2021-04-07 00:00:00 2021-07-06 00:00:00 None FTP Login Failed - Failed Logons (IP=97,SE) 13.54.55.42 24 DT None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=42,AU) 13.55.89.203 24 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=203,AU) 13.56.81.205 32 BMP None 2020-12-05 00:00:00 2021-03-05 00:00:00 None SERVER-WEBAPP Cisco ASA directory traversal attempt - 6hr Web Attacks (IP=205,US) 13.58.231.208 32 CR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - 6 hr web attack (IP=208,US) 13.59.205.66 15 CJC None 2020-12-13 00:00:00 2021-03-13 00:00:00 None Hive Case # 4481 - FireEye Blog IP related to SunBurst Backdoor (IP=66,US) 13.59.24.216 32 GM None 2020-10-29 00:00:00 2021-01-29 00:00:00 None SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt - Sourcefire (IP=216,US) 13.64.209.48 32 UA None 2021-08-30 00:00:00 2021-11-28 00:00:00 None Attempted Access - Inbound Brute Force- TT# 21C01675 (IP=48,US) 13.64.74.38 32 KH None 2021-08-04 00:00:00 2021-11-02 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01515 (IP=38,US) 13.65.159.217 32 BMP None 2021-05-27 00:00:00 2021-08-25 00:00:00 None SQL injection - 6hr Web Attacks (IP=217,US) 13.65.23.56 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=56,US) 13.65.30.132 32 DT None 2021-08-25 00:00:00 2021-11-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Source Fire (IP=132,US) 13.66.139.24 32 RB None 2021-02-16 00:00:00 2021-05-16 
00:00:00 None Self Report: SRF Production Error - IR# 21C00504 (IP=24,US) 13.66.19.176 32 KH None 2021-08-30 00:00:00 2021-11-28 00:00:00 None Command Injection - ABC Report (IP=176,US) 13.66.6.68 32 BMP None 2021-06-15 00:00:00 2021-09-13 00:00:00 None SQL injection - 6hr Web Attacks (IP=68,US) 13.67.220.45 32 BMP None 2021-05-26 00:00:00 2021-08-24 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=45,US) 13.67.220.45 32 BMP None 2021-05-26 00:00:00 2021-08-24 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=45,US) 13.67.235.145 32 KD None 2021-08-28 00:00:00 2021-11-26 00:00:00 None Command Injection (IP=145,US) 13.68.205.226 32 BMP None 2021-08-16 00:00:00 2021-11-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=226,US) 13.68.252.158 32 BMP None 2021-05-04 00:00:00 2021-08-04 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=158,US) 13.69.199.59 24 SW None 2021-06-22 00:00:00 2021-09-22 00:00:00 None Attempted Access - Inbound Brute - TT# 21C01353 (IP=59, IE) 13.70.201.35 32 BMP None 2020-10-19 00:00:00 2021-01-17 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C00153 (IP=35,US) 13.71.6.37 24 KH None 2021-07-02 00:00:00 2021-09-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web attacks (IP=37,IN) 13.72.109.168 32 UA None 2021-08-09 00:00:00 2021-11-07 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01531 (IP=168,US) 13.72.82.56 32 AR None 2021-07-08 00:00:00 2021-10-06 00:00:00 None Attempted Access - Inbound Brute Force - IR# 21C01413 (IP=56,US) 13.73.140.181 24 EE INDICATOR-COMPROMISE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None PHP backdoor communication attempt (1:50950:1) - SourceFire (IP=181,NL) 13.74.137.190 24 DT None 2021-03-13 00:00:00 2021-06-13 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - Web Attacks (IP=190,IE) 13.75.112.108 32 dbc None 
2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=108,HK) 13.76.101.208 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=208,SG) 13.76.130.30 32 RB None 2021-08-20 00:00:00 2021-11-18 00:00:00 None Possible Webshell Upload - TT# 21C01582 (IP=30,US) 13.76.175.81 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=81,SG) 13.76.252.229 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks(IP=229,SG) 13.77.173.99 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=99,US) 13.78.128.159 32 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=159,US) 13.78.141.119 32 DT None 2020-10-07 00:00:00 2021-01-07 00:00:00 None Unauthorized Access-Probe // UDP: Host Sweep - TT # 21C00051 (IP=119,WA) 13.79.21.65 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=65,IE) 13.80.154.102 24 DT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=102,NL) 13.82.120.55 32 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Source Fire (IP=55,US) 13.82.135.89 32 UA None 2021-06-30 00:00:00 2021-09-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script TT# 21C01389 (IP=89,US) 13.82.175.242 32 BMP None 2020-12-24 00:00:00 2021-03-24 00:00:00 None Masscan TCP Port Scanner - FireEye CMS (IP=242,US) 13.82.66.142 32 CR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None Command Injection_ABC report (IP=142,US) 
13.84.162.202 32 BB None 2021-07-05 00:00:00 2021-10-03 00:00:00 None Command Injection - ABC Report (IP=202,US)
13.84.190.119 32 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None File /etc/passwd Access Attempt Detect - Sourcefire (IP=119,US)
13.84.211.154 32 AR None 2021-08-22 00:00:00 2021-11-20 00:00:00 None SQL injection - 6Hr Web Attack (IP=154,US)
13.84.34.169 32 RW None 2021-09-23 00:00:00 2021-12-22 00:00:00 None SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt - Sourcefire (IP=169,US)
13.84.36.6 32 GM None 2020-12-19 00:00:00 2021-03-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=6,US)
13.84.40.224 32 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=224,US)
13.84.52.146 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=146,US)
13.85.159.11 32 CR None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Possible Cross-site Scripting Attack - IPS Event (IP=11,US)
13.86.208.182 32 SW None 2021-08-26 00:00:00 2021-11-24 00:00:00 None Attempted Access - Inbound Brute Force TT# 21C01607
13.88.41.99 32 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Attempted Access - Inbound Brute Force - TT 21C01476 (IP=99,US)
13.88.97.207 32 ZH None 2021-09-02 00:00:00 2021-12-01 00:00:00 None Attempted Access - Inbound Brute Force IR# 21C01740 (IP=207,US)
13.89.217.97 32 RT None 2021-07-16 00:00:00 2021-10-14 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01451 (IP=97,US)
13.89.221.224 32 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SQL injection - 6hr Web Attacks (IP=224,US)
13.89.239.218 32 ZH None 2021-09-14 00:00:00 2021-12-13 00:00:00 None T1190 - Command Injection,SQL Injection (IP=218,US)
13.89.51.85 32 KH None 2021-08-23 00:00:00 2021-11-21 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=85,US)
13.89.57.101 32 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=101,US)
13.89.63.176 32 RR None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Command Injection - Automated Block (IP=176,US)
13.90.199.168 32 AR None 2021-09-11 00:00:00 2021-12-10 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C01819 (IP=168,US)
13.90.24.71 32 RB None 2020-10-15 00:00:00 2021-01-15 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload - TT# 21C00131 (IP=71,US)
13.90.30.139 32 RR None 2020-12-01 00:00:00 2021-03-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=139,US)
13.90.73.131 32 DT None 2020-10-21 00:00:00 2021-01-21 00:00:00 None Possible SQLi attempt / HTTP: Firefuzzer SQL Injection Scanning II - TT# 21C00171 (IP=131,US)
13.92.123.218 32 DT None 2020-11-15 00:00:00 2021-02-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=218,US)
13.92.232.23 32 DT None 2021-04-16 00:00:00 2021-07-15 00:00:00 None SSH2 Failed Login Attempt - 6hr Failed Logons (IP=23,US)
13.92.28.232 32 BMP None 2021-09-22 00:00:00 2021-12-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=232,US)
130.117.252.16 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=16,US)
130.185.122.14 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=14,NL)
130.185.229.3 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BG TO-S-2020-0331 Malicious Web Application Activity
130.193.43.77 24 RR None 2021-04-07 00:00:00 2021-07-06 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=77,RU)
130.211.206.242 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=242,US)
130.211.30.154 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
130.239.18.159 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None SE TO-S-2020-0838 unknown activity
130.255.128.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None UA TO-S-2020-0331 Malicious Web Application Activity
130.43.14.213 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GR TO-S-2020-0303 Malicious Email Activity
130.61.100.153 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=153,DE)
130.61.113.63 24 DT None 2021-04-09 00:00:00 2021-07-08 00:00:00 None HTTP: PHP-FPM Remote Code Execution Vulnerability (CVE-2019-11043) - 6hr Web Attacks (IP=63,DE)
130.61.125.93 24 EE None 2021-03-12 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=93,DE)
130.61.153.39 24 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=39,DE)
130.61.176.195 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=195,DE)
130.61.250.63 24 BMP None 2020-10-19 00:00:00 2021-01-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=63,DE)
130.61.40.118 24 EE None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - 6 HR Web Attack (IP=118,DE)
130.61.73.100 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=100,DE)
130.61.74.116 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=116,DE)
130.61.77.59 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=59,DE)
130.61.79.114 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=114,DE)
131.0.112.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,BR)
131.0.20.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
131.0.89.0 24 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,BR)
131.0.92.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity
131.100.104.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
131.100.2.219 32 BMP None 2020-10-19 00:00:00 2021-01-17 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=219,US)
131.108.4.0 22 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None PA TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
131.108.4.154 32 nab None 2020-10-05 00:00:00 2021-01-05 00:00:00 None HIVE Case #4051 CTR-20-1200 Web server discovery scanning (IP=154,PA)
131.117.224.0 24 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None IQ TO-S-2021-0941 Hive Case 4361 Malware Activity
131.155.21.169 24 RW None 2021-03-06 00:00:00 2021-06-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=169,NL)
131.161.188.0 22 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,BR)
131.196.16.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,BR)
131.196.4.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None BR Hive Case 4237 TO-S-2021-0910 Malware Activity
131.221.160.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity
131.221.164.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CL TO-S-2020-0298 Malicious Email Activity
131.221.32.70 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=70,CL)
131.72.104.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity
131.72.176.3 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=3,BR)
132.145.127.1 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=1,JP)
132.145.165.38 32 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=38,US)
132.145.19.203 24 RR None 2021-03-06 00:00:00 2021-06-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=203,GB)
132.145.55.35 24 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=35,GB)
132.148.103.199 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None US TO-S-2020-0236 Malicious Email Activity
132.148.105.133 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
132.148.132.7 32 RB None 2019-07-14 00:00:00 2021-04-23 00:00:00 None SQL HTTP URI blind injection attempt_12 hr web attacks (IP=7,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity
132.148.143.10 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=10,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=10,US)
132.148.143.196 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
132.148.149.114 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
132.148.149.246 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
132.148.152.198 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
132.148.153.83 32 RW None 2020-02-10 00:00:00 2021-04-23 00:00:00 None SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=83,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0459 Malware Activity
132.148.156.180 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=180,US)
132.148.164.126 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity
132.148.164.87 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity
132.148.165.227 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
132.148.165.250 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
132.148.166.38 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity
132.148.17.195 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
132.148.19.80 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
132.148.192.171 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
132.148.196.230 32 RR None 2020-03-04 00:00:00 2021-05-07 00:00:00 None SQL Injection (IP=230,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0493 Malware Activity
132.148.2.2 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=2,US)
132.148.20.103 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
132.148.201.223 32 RR None 2019-07-16 00:00:00 2021-04-23 00:00:00 None SQL HTTP URI blind injection attempt - 6hr Web Attacks (IP=223,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity
132.148.204.202 32 RW None 2020-02-03 00:00:00 2021-05-07 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=202,US) | updated by RW Block expiration extended with reason SQL use of sleep function with and - likely SQL injection - Sourcefire (IP=202,US) | updated by KF Block expiration extended with reaso
132.148.210.26 32 KF None 2020-02-09 00:00:00 2021-05-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=26,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0493 Malware Activity
132.148.212.68 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
132.148.217.17 32 TLM None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=17,US)
132.148.22.86 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
132.148.221.27 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
132.148.234.60 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=60,US)
132.148.236.201 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity
132.148.236.61 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
132.148.238.152 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
132.148.241.123 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
132.148.252.77 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
132.148.252.93 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
132.148.253.26 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
132.148.254.139 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
132.148.28.139 32 RB None 2020-03-13 00:00:00 2021-05-07 00:00:00 None SQL use of sleep function with and - likely SQL injection_Sourcefire (IP=139,US) | updated by BMP Block expiration extended with reason HTTP: SQL Injection - Exploit II - 6hr Web Attacks (IP=139,US) | updated by dbc Block expiration extended with reas
132.148.33.245 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Email Activity
132.148.37.81 32 RR None 2019-09-14 00:00:00 2021-02-20 00:00:00 None SQL HTTP URI blind injection attempt - SourceFire (IP=81,US) | updated by dbc Block was inactive. Reactivated on 20200220 with reason US TO-S-2020-0303 Malicious Web Application Activity
132.148.41.95 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
132.148.46.20 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
132.148.62.1 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
132.148.82.1 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=1,US)
132.148.86.218 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=218, US)
132.232.22.176 24 RB None 2021-05-23 00:00:00 2021-08-21 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=176,CN)
132.232.70.247 24 UA None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli - Exploit - Web Attacks (IP=247,CN)
132.247.154.15 24 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 HR Web Attacks (IP=15,MX)
132.248.170.14 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=14,MX)
132.255.212.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
133.130.98.167 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=167,JP)
133.163.6.2 32 wmp None 2021-02-12 00:00:00 2021-05-12 00:00:00 None ArcSight High Attacker (IP=2,JP)
133.167.35.242 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=242,JP)
133.18.171.74 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr failed logons (IP=74,JP)
133.18.98.40 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None JP TO-S-2020-0838 Malicious Email Activity
134.0.10.109 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
134.0.10.111 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ES Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
134.0.11.9 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity
134.0.116.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None RU TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
134.0.117.0 24 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None RU TO-S-2020-0805 Malicious Email Activity
134.0.25.247 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None DE TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
134.101.31.12 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity
134.119.17.14 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=14,DE)
134.119.178.122 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None FR TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
134.119.191.39 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None FR TO-S-2020-0805 Malware Activity
134.119.195.38 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=38,FR)
134.119.224.57 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
134.119.45.145 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
134.122.0.127 32 BMP None 2021-06-15 00:00:00 2021-09-13 00:00:00 None SQL injection - 6hr Web Attacks (IP=127,US)
134.122.0.207 32 DT None 2021-07-12 00:00:00 2021-10-10 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - Source Fire (IP=207,US)
134.122.1.162 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=162,US)
134.122.10.0 24 KH None 2021-08-04 00:00:00 2021-11-02 00:00:00 None Self Report/ ColdFusion Error/Bulk IP Block - TT# 21C01516 (IP=0,US)
134.122.10.163 32 RT None 2021-06-18 00:00:00 2021-09-17 00:00:00 None SQL injection - 6HR Web Attacks (IP=163,US) | updated by RB Block expiration extended with reason SQL injection - 6hr web attacks (IP=163,US)
134.122.111.246 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=246,US)
134.122.112.124 32 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=124,US)
134.122.115.94 32 ABC None 2021-07-12 00:00:00 2021-10-10 00:00:00 None Command Injection (IP=94,US)
134.122.116.244 32 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=244,US)
134.122.117.159 32 DT None 2021-08-13 00:00:00 2021-11-11 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Events (IP=159,US)
134.122.118.29 32 ZH None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SQL injection - 6hr web attacks (IP=29,US)
134.122.122.136 32 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SQL injection - Web Attacks (IP=136,US)
134.122.123.222 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=222,US)
134.122.13.121 32 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (1:13990:26) - Source Fire (IP=121,US)
134.122.135.207 24 EE None 2021-01-10 00:00:00 2021-04-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=207,JP)
134.122.15.187 32 UA None 2021-06-10 00:00:00 2021-09-10 00:00:00 None FireEye Web Alerts High Attacker Suspicious Scan Activity (IP=187,US)
134.122.15.228 32 UA None 2021-06-10 00:00:00 2021-09-10 00:00:00 None FireEye Web Alerts High Attacker Suspicious Scan Activity (IP=228,US)
134.122.16.190 32 AR None 2021-07-11 00:00:00 2021-10-09 00:00:00 None SQL injection - 6 Hr Web Attack (IP=190,US)
134.122.20.255 32 RW None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - Web attacks (IP=225,US)
134.122.21.243 32 GM None 2020-11-20 00:00:00 2021-02-20 00:00:00 None Unauthorized Access-Probe - TT # 21C00247 (IP=243,US)
134.122.22.16 32 BMP None 2021-05-06 00:00:00 2021-08-07 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6hr Web Attacks (IP=16,US) | updated by wmp Block expiration extended with reason Palo Alto Suspicious Scan Activity (IP=16,US)
134.122.23.197 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SQL injection - 6hr Web Attacks (IP=197,US)
134.122.24.59 32 RW None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - Web attacks (IP=59,US)
134.122.25.18 32 GM None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=18,US)
134.122.26.159 32 BMP None 2021-07-15 00:00:00 2021-10-13 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=159,US)
134.122.32.166 32 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=166,US)
134.122.34.26 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=26,CA)
134.122.35.102 32 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=102,US)
134.122.35.111 32 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=111,US)
134.122.35.72 32 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=72,US)
134.122.35.78 32 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=78,US)
134.122.36.14 32 BMP None 2021-05-05 00:00:00 2021-08-03 00:00:00 None HTTP SQL Injection Attempt - 6hr Web Attacks (IP=14,US)
134.122.36.37 32 EE None 2021-04-13 00:00:00 2021-07-12 00:00:00 None HTTP: SQL Injection - Exploit - Web Attack (IP=37,US)
134.122.39.172 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=172,CA)
134.122.45.7 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=7,CA)
134.122.46.224 24 RB None 2021-05-23 00:00:00 2021-09-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=224,CA) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=224,CA)
134.122.47.132 32 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=132,US)
134.122.47.161 32 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=161,US)
134.122.47.19 32 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=19,US)
134.122.47.45 32 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=45,US)
134.122.47.54 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=54,CA)
134.122.48.114 24 KD None 2021-08-24 00:00:00 2021-11-22 00:00:00 None SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt- Web Attacks (IP=114,NL)
134.122.5.191 32 ZH None 2021-09-08 00:00:00 2021-12-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=191,US)
134.122.5.243 32 ZH None 2021-09-08 00:00:00 2021-12-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=243,US)
134.122.51.53 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=53,NL)
134.122.59.23 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity
134.122.6.157 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP Java XML deserialization remote code execution attempt - 6hr Web Attacks (IP=157,US)
134.122.6.199 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=199,US)
134.122.60.50 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire(IP=50,NL)
134.122.63.170 32 DT None 2021-08-31 00:00:00 2021-11-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection- TT# 21C01706 (IP=170,NL)
134.122.69.212 32 BMP None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=212,US)
134.122.7.220 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01344 (IP=220,US)
134.122.73.223 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=223,DE)
134.122.78.92 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=92,US)
134.122.8.223 32 RB None 2021-06-19 00:00:00 2021-09-17 00:00:00 None SQL injection - 6hr web attacks (IP=223,US)
134.122.84.157 32 BMP None 2021-04-30 00:00:00 2021-07-30 00:00:00 None SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44328:3) - SourceFire (IP=157,US)
134.122.86.45 24 RW None 2021-05-01 00:00:00 2021-08-01 00:00:00 None HTTP SQL Injection Attempt - Web attacks (IP=45,DE)
134.122.87.209 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=209,US)
134.122.87.63 32 KH None 2021-09-12 00:00:00 2021-12-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C01831 (IP=63,US)
134.122.9.217 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP PHPMailer command injection remote code execution attempt (1:45917:1) - Sourcefire Rpt (IP=217,US)
134.122.9.92 32 RR None 2021-03-08 00:00:00 2021-06-06 00:00:00 None SERVER-WEBAPP Java XML deserialization remote code execution attempt (- SourceFire (IP=92,US)
134.122.90.85 24 RW None 2021-05-01 00:00:00 2021-08-01 00:00:00 None SQL injection - Web attacks (IP=85,DE)
134.122.94.73 24 RW None 2021-05-01 00:00:00 2021-08-01 00:00:00 None SQL injection - Web attacks (IP=73,DE)
134.175.102.205 24 RB None 2021-06-05 00:00:00 2021-09-03 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=205,CN)
134.175.166.254 24 KD None 2021-06-08 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (1:46316:5)- Web Attacks (IP=254,CN)
134.175.166.254 24 CR None 2021-06-08 00:00:00 2021-09-07 00:00:00 None Hello Peppa Scan - FE IPS Events (IP=254,CN)
134.175.166.254 32 wmp None 2021-06-08 00:00:00 2021-09-08 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=254,CN)
134.175.166.254 24 RT None 2021-06-08 00:00:00 2021-09-06 00:00:00 None Hello Peppa Scan - FireEye CMS IPS Event (IP=254,CN)
134.175.166.254 24 BMP None 2021-06-08 00:00:00 2021-09-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=254,CN)
134.175.237.44 24 BMP None 2021-05-11 00:00:00 2021-08-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=44,CN) | updated by RW Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=44,CN) HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=
134.175.237.44 24 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=44,CN) | updated by RW Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=44,CN) HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=
134.175.89.252 24 RT None 2021-08-25 00:00:00 2021-11-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6HR Web Attacks (IP=252,CN)
134.179.112.135 32 RT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None FTPP_FTP_RESPONSE_LENGTH_OVERFLOW (125:6:2) - SOURCEFIRE REPORT (IP=135,US)
134.19.179.163 24 KD None 2021-06-14 00:00:00 2021-09-13 00:00:00 None SQL injection- Web Attacks (IP=163,US)
134.19.184.194 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=194,NL)
134.19.188.242 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3630 CTO-20-231 (IP=242,NL) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=242,NL)
134.19.188.243 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity
134.19.188.244 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3630 CTO-20-231 (IP=244,NL) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=244,NL)
134.19.188.246 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity
134.19.188.75 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None NL TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
134.19.189.203 24 GM None 2021-02-02 00:00:00 2021-05-02 00:00:00 None SQL injection - Web Attacks (IP=203,NL)
134.209.101.117 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity
134.209.101.250 24 DT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=250,SG)
134.209.103.115 24 FT None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=115,SG)
134.209.110.247 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity
134.209.111.183 24 RW None 2021-07-08 00:00:00 2021-10-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=183,SG)
134.209.113.158 32 RR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SIGACT R-5321/CTO 21-021 - TT# 21C01153 (IP=158,US)
134.209.114.160 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=160,US)
134.209.115.71 32 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None Nuclei Vulnerability Scanner - FireEye IPS Events (IP=71,US)
134.209.117.96 32 RR None 2021-06-14 00:00:00 2021-09-12 00:00:00 None AR RCC-CONUS HTTP_GET_Psble_F5TMUI_RCE_RC130840 - TT# 21C01290 (IP=96,US)
134.209.118.19 32 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=19,US)
134.209.118.211 32 RW None 2021-04-11 00:00:00 2021-07-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=211,US)
134.209.118.91 32 BMP None 2021-04-10 00:00:00 2021-07-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=91,US)
134.209.120.166 32 FT None 2021-03-20 00:00:00 2021-09-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=166,US) | updated by RB Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=166,US) | updated by RR Block expiration extended with re
134.209.125.155 32 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=155,US) 134.209.125.218 32 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP Atlassian Jira makeRequest server side request forgery attempt - Web Attacks (IP=218,US) 134.209.126.86 32 CR None 2021-05-04 00:00:00 2021-08-04 00:00:00 None SQL injection_6 hr web attacks (IP=86,US) 134.209.151.226 32 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=226,US) 134.209.153.90 32 GM None 2021-04-16 00:00:00 2021-07-16 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C01028 (IP=90,US) 134.209.155.102 24 ZH None 2021-05-26 00:00:00 2021-08-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=102,IN) 134.209.155.102 24 ZH None 2021-05-26 00:00:00 2021-08-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=102,IN) 134.209.157.198 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=198,IN) 134.209.164.143 32 AR None 2021-09-24 00:00:00 2021-12-23 00:00:00 None FIREEYE Web: Malware Object Download - HIVE Case 6218 (IP=143,US) 134.209.165.186 32 ZH None 2021-08-26 00:00:00 2021-11-24 00:00:00 None SQL injection - 6 hr Web Attacks (IP=186,US) 134.209.166.76 32 RB None 2021-05-16 00:00:00 2021-08-14 00:00:00 None SQL injection - 6hr web attacks (IP=76,US) 134.209.169.202 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 134.209.174.110 32 ZH None 2021-08-26 00:00:00 2021-11-24 00:00:00 None SQL injection - 6 hr Web Attacks (IP=110,US) 134.209.189.230 32 GM None 2020-10-06 00:00:00 2021-01-06 00:00:00 None Known Attack Tool User Agent V2 / 20086: HTTP: Muieblackcat Security Scanner - TT # 21C00043 (IP=230,US) 
134.209.195.123 32 BMP None 2021-04-11 00:00:00 2021-07-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=123,US) 134.209.196.210 32 RR None 2021-08-31 00:00:00 2021-11-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01702 (IP=210,US) 134.209.202.147 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=147,NL) 134.209.202.23 24 UA None 2021-07-27 00:00:00 2021-10-25 00:00:00 None SERVER-WEBAPP VMWare vSphere Client remote code execution attempt - 6hr Web Attacks (IP=23,NL) 134.209.202.63 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=63,NL) 134.209.203.1 32 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01698 (IP=1,US) 134.209.203.191 32 RR None 2021-08-31 00:00:00 2021-11-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01700(IP=191,US) 134.209.205.253 32 RR None 2021-08-31 00:00:00 2021-11-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01689 (IP=253,US) 134.209.206.115 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 134.209.208.155 24 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web Attacks (IP=218,US) 134.209.212.85 32 BMP None 2021-06-22 00:00:00 2021-09-21 00:00:00 None INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - SourceFire (IP=85,US) | updated by BMP Block expiration extended with reason SQL use of concat function with select - likely SQL injection - 6hr Web Attacks (IP=85,US) 134.209.213.19 32 RR None 2020-11-25 00:00:00 2021-02-23 00:00:00 None SERVER-WEBAPP vBulletin template 
rendering arbitrary PHP code execution attempt- Web Attacks (IP=19,US) 134.209.214.130 32 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SQL injection - 6hr Web Attacks (IP=130,US) 134.209.215.190 32 EE None 2021-03-26 00:00:00 2021-06-26 00:00:00 None Webshell.Binary.php.FEC2 - Hive Case 5148 (IP=190,US) 134.209.215.41 24 BMP None 2021-08-14 00:00:00 2021-11-12 00:00:00 None SQL injection - 6hr Web Attacks (IP=41,US) 134.209.216.241 32 KF None 2019-07-25 00:00:00 2021-04-23 00:00:00 None Immediate Inbound Network Block - TT# 19C02656 (IP=241,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 134.209.218.21 32 RB None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Possible SQL Injection Attempt - IPS Events (IP=21,US) | updated by FT Block expiration extended with reason HTTP: SQL Injection-Exploit - 6hr web attacks (IP=21,US) 134.209.219.1 32 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SQL injection - 6hr Web Attacks (IP=1,US) 134.209.219.91 32 RR None 2020-11-24 00:00:00 2021-02-22 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - Web Attacks (IP=91,US) 134.209.222.22 32 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SQL injection - 6hr Web Attacks (IP=22,US) 134.209.223.165 32 EE None 2021-03-26 00:00:00 2021-06-26 00:00:00 None Webshell.Binary.php.FEC2 - Hive Case 5147 (IP=209,IN) 134.209.223.224 32 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SQL injection - 6hr Web Attacks (IP=224,US) 134.209.224.179 24 FT None 2021-01-05 00:00:00 2021-04-05 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - 6hr Web Attacks (IP=179,DE) 134.209.225.101 24 BMP None 2021-06-02 00:00:00 2021-08-31 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=101,DE) 134.209.227.90 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=90,DE) 
134.209.231.165 24 RW None 2021-05-01 00:00:00 2021-08-01 00:00:00 None SQL injection - Web attacks (IP=165,DE) 134.209.232.2 24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None SQL injection - Web attacks (IP=2,DE) 134.209.233.59 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=59,DE) 134.209.235.140 24 BMP None 2021-06-04 00:00:00 2021-09-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=140,DE) 134.209.240.238 24 RW None 2021-05-01 00:00:00 2021-08-01 00:00:00 None SQL injection - Web attacks (IP=238,DE) 134.209.242.142 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL Injection Attempt_Web Attack Report (IP=142,DE) 134.209.244.131 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Web Application Activity 134.209.245.101 24 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=101,DE) 134.209.246.80 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=80,DE) 134.209.247.225 24 RB None 2021-05-10 00:00:00 2021-08-08 00:00:00 None SQL injection - 6hr web attacks (IP=225,DE) 134.209.248.150 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=150,DE) 134.209.25.210 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None GB TO-S-2020-0601 Malicious Email Activity 134.209.255.197 24 BMP None 2021-04-30 00:00:00 2021-08-01 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=197,DE) | updated by RW Block expiration extended with reason SQL injection - Web attacks (IP=197,DE) 134.209.32.190 32 RB None 2021-05-16 00:00:00 2021-08-14 00:00:00 None SQL injection - 6hr web attacks (IP=190,US) 134.209.35.112 32 RB None 2021-05-16 00:00:00 2021-08-14 00:00:00 None SQL injection - 6hr web attacks 
(IP=112,US) 134.209.37.126 32 RB None 2021-05-16 00:00:00 2021-08-14 00:00:00 None SQL injection - 6hr web attacks (IP=126,US) 134.209.37.132 32 RB None 2021-05-16 00:00:00 2021-08-14 00:00:00 None SQL injection - 6hr web attacks (IP=132,US) 134.209.39.98 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 134.209.43.79 32 RB None 2021-05-16 00:00:00 2021-08-14 00:00:00 None SQL injection - 6hr web attacks (IP=79,US) 134.209.44.34 32 ZH None 2021-08-26 00:00:00 2021-11-24 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6 hr Web Attacks (IP=34,US) 134.209.45.218 32 RB None 2021-05-16 00:00:00 2021-08-14 00:00:00 None SQL injection - 6hr web attacks (IP=218,US) 134.209.46.237 32 RB None 2021-05-16 00:00:00 2021-08-14 00:00:00 None SQL injection - 6hr web attacks (IP=237,US) 134.209.47.29 32 RR None 2020-12-07 00:00:00 2021-03-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=29,US) 134.209.53.244 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 134.209.6.205 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 134.209.68.139 32 RR None 2021-07-23 00:00:00 2021-10-21 00:00:00 None Command Injection - Automated Block (IP=139,US) 134.209.68.187 32 DT None 2021-09-11 00:00:00 2021-12-10 00:00:00 None SQL injection - Web Attacks (IP=187,US) 134.209.69.66 32 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=66,US) 134.209.70.64 32 RW None 2021-03-31 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=64,US) | updated by KD Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=64,US) 134.209.80.107 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 134.209.81.210 24 RW 
None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=210,NL) 134.209.83.17 32 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01698 (IP=17,US) 134.209.84.219 24 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=219,NL) 134.209.84.84 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=84,NL) 134.209.86.250 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None NL TO-S-2020-0750 Malicious Email Activity 134.209.87.69 32 WR None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=69,US) 134.209.94.207 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None ArcSight ESM High Attacker (IP=207,NL) 134.209.99.169 32 JKC None 2020-06-19 00:00:00 2021-08-24 00:00:00 None Malicious IP Case # 3063 - IOC_ISO CTOs 20-164, 20-165 (IP=169, US) | updated by dbc Block expiration extended with reason US TO-S-2020-0750 Malware Activity 134.236.118.3 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TH TO-S-2020-0303 Malicious Email Activity 134.236.16.38 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity 134.236.161.231 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity 134.236.162.108 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TH TO-S-2020-0298 Malicious Email Activity 134.236.212.2 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None TH TO-S-2020-0750 Malicious Email Activity 134.236.242.39 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 134.236.242.51 32 dbc None 2020-02-14 00:00:00 
2021-02-14 00:00:00 None TH TO-S-2020-0298 Malicious Email Activity 134.236.70.186 24 RR None 2021-04-27 00:00:00 2021-07-26 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=186,TH) 134.249.233.205 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=205,UA) 134.39.216.51 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (IP=51, US) 134.70.12.3 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 134.73.55.0 24 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None IN TO-S-2020-0838 Malicious Email Activity 135.125.161.250 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00572 (IP=250,DE) 135.125.218.141 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=141,FR) 135.125.56.55 24 EE None 2021-04-12 00:00:00 2021-07-11 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT # 21C01001 (IP,55,FR) 135.148.13.81 32 KH None 2021-06-30 00:00:00 2021-09-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - web attacks (IP=81,US) 135.148.33.100 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=100,US) 135.148.33.109 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00684 (IP=109,US) 135.148.33.119 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00581 (IP=119,US) 135.148.33.124 32 EE None 2021-03-10 00:00:00 2021-06-08 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00666 (IP=124,US) 135.148.33.51 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint 
XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=51,US) 135.148.33.54 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00579 (IP=54,US) 135.148.33.65 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00627 (IP=65,US) 135.148.33.68 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=68,US) 135.148.33.93 32 EE None 2021-03-10 00:00:00 2021-06-08 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00666 (IP=93,US) 135.148.33.94 32 wmp None 2021-01-14 00:00:00 2021-04-14 00:00:00 None Suspicious Scan Activity (IP=94,US) 135.181.127.68 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=68,FI) 135.181.134.210 24 BMP None 2021-02-04 00:00:00 2021-05-04 00:00:00 None SQL injection - 6hr Web Attacks (IP=210,CA) 135.181.135.187 24 RR None 2021-05-18 00:00:00 2021-08-16 00:00:00 None SQL injection - Web Attacks (IP=187,CA) 135.181.19.244 24 FT None 2021-02-25 00:00:00 2021-05-25 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=7,FI) 135.181.211.109 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 135.181.39.79 24 DT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=79,FI) 135.181.5.180 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CA Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 136.0.111.15 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity 136.143.186.52 32 wmp None 2020-06-19 00:00:00 2021-07-29 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=52,US) | updated by dbc Block expiration extended with 
reason US TO-S-2020-0698 Malicious Email Activity 136.143.19.69 24 EE None 2021-02-13 00:00:00 2021-05-13 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (1:56800:1) - SourceFire (IP=69,NL) 136.143.84.208 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 136.144.177.150 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malware Activity 136.144.209.115 32 RR None 2019-07-01 00:00:00 2021-04-23 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6 hr Web Attacks (IP=115,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason NL TO-S-2020-0459 Malware Activity 136.144.209.93 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 136.144.238.23 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None NL TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 136.144.240.13 24 SW None 2021-06-28 00:00:00 2021-09-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Source Fire (IP=13,NL) 136.144.250.90 24 RR None 2020-12-23 00:00:00 2021-03-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=90,NL) 136.163.203.5 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None SE TO-S-2020-0535 Malware Activity 136.163.203.6 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None SE TO-S-2020-0535 Malware Activity 136.228.129.251 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KH TO-S-2020-0331 Malicious Web Application Activity 136.228.163.98 24 RR None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=98,MM) 136.232.13.34 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity 136.232.163.98 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=98,IN) 
136.232.192.74 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None IN TO-S-2021-0949 Hive Case 4363 Malware Activity 136.232.212.74 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity 136.232.215.26 24 ZH None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Rpt (IP=26,IN) 136.232.217.102 24 RT None 2021-09-19 00:00:00 2021-12-18 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6HR WebAttack (IP=102,IN) 136.232.46.90 24 RW None 2020-11-12 00:00:00 2021-02-12 00:00:00 None Authentication Failed - 6hr Failed 136.232.57.206 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=206,IN) 136.232.98.198 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malware Activity 136.232.98.210 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=210,IN) 136.233.116.82 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IN TO-S-2021-0876 Hive Case 4166 Malware Activity 136.243.102.120 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 136.243.111.194 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity 136.243.129.188 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 136.243.136.201 24 RR None 2020-10-28 00:00:00 2021-01-26 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=201,DE) 136.243.154.115 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None DE TO-S-2020-0698 Malware Activity 136.243.156.142 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 136.243.156.240 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None DE 
TO-S-2020-0750 Malicious Email Activity 136.243.177.133 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 136.243.209.200 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 136.243.48.221 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 136.243.5.208 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None DE TO-S-2020-0369 Malicious Email Activity 136.243.50.104 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=104,DE) 136.243.74.86 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 136.244.107.147 24 RB None 2020-11-22 00:00:00 2021-02-22 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=147,NL) 136.244.67.59 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 136.244.96.106 32 NAB None 2020-11-09 00:00:00 2021-02-07 00:00:00 None HIVE Case #4283 COLS-NA-TIP-20-0346 (IP=106,NL) 136.34.32.217 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=217,US) 136.36.121.83 32 DT None 2021-04-23 00:00:00 2021-07-23 00:00:00 None Self Report/AAG Secure Server(2) - IR# 21C01052 (IP=83,US) 136.53.79.179 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=179,US) 137.116.194.134 24 BMP None 2021-03-27 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=134,NL) | updated by EE Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=134,NL) 137.117.16.117 32 WR None 2021-08-27 00:00:00 2021-11-25 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01624 (IP=117,US) 137.117.199.144 32 srm None 
2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=144,NL) 137.119.36.33 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 137.135.80.83 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 137.184.12.44 32 NAB None 2021-08-23 00:00:00 2021-11-21 00:00:00 None HIVE Case #NA FP Security (IP=44,US) 137.184.129.124 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=124,US) 137.184.129.168 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=168,US) 137.184.129.197 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=197,US) 137.184.129.221 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=221,US) 137.184.129.242 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=242,US) 137.184.129.45 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=45,US) 137.184.135.29 32 DT None 2021-09-23 00:00:00 2021-12-22 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C01947 (IP=29,US) 137.184.135.54 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=54,US) 137.184.139.115 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=115,US) 137.184.139.117 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=117,US) 137.184.139.138 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=138,US) 137.184.139.169 32 DT None 2021-09-23 00:00:00 2021-12-22 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C01945 (IP=169,US) 137.184.139.229 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=229,US) 137.184.139.35 32 RB None 
2021-09-23 00:00:00 2021-12-22 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C01942 (IP=35,US) 137.184.139.37 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=37,US) 137.184.139.38 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=38,US) 137.184.142.124 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=124,US) 137.184.142.89 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=89,US) 137.184.3.98 32 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None SQL injection - 6 hr Web Attacks (IP=98,US) 137.184.44.0 32 RT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SQL injection - 6 HR WebAttack (IP=0,US) 137.184.48.101 32 ZH None 2021-08-22 00:00:00 2021-11-20 00:00:00 None SQL injection - 6hr Web Attacks (IP=101,US) 137.184.49.7 24 RR None 2021-08-19 00:00:00 2021-11-17 00:00:00 None Command Injection - Automated Block (IP=7,US) 137.184.50.199 32 ZH None 2021-08-22 00:00:00 2021-11-20 00:00:00 None ABC Command Injection (IP=199,US) 137.184.50.225 32 ZH None 2021-08-21 00:00:00 2021-11-19 00:00:00 None ABC Command Injection (IP=225,US) 137.184.50.30 32 DT None 2021-08-20 00:00:00 2021-11-18 00:00:00 None Command Injection (IP=30,US) 137.184.54.255 24 RR None 2021-08-19 00:00:00 2021-11-17 00:00:00 None Command Injection - Automated Block (IP=255,US) 137.184.59.1 32 AR None 2021-08-21 00:00:00 2021-11-19 00:00:00 None SQL injection - 6Hr Web Attack (IP=1,US) 137.184.59.161 32 AR None 2021-08-21 00:00:00 2021-11-19 00:00:00 None SQL injection - 6Hr Web Attack (IP=161,US) 137.184.60.159 32 DT None 2021-08-20 00:00:00 2021-11-18 00:00:00 None Command Injection (IP=159,US) 137.184.60.75 32 DT None 2021-08-21 00:00:00 2021-11-19 00:00:00 None Command Injection (IP=75,US) 137.184.64.72 32 AR None 2021-08-21 00:00:00 2021-11-19 00:00:00 None SQL injection - 6Hr Web Attack (IP=72,US) 137.184.66.88 32 
BB None 2021-08-23 00:00:00 2021-11-21 00:00:00 None SQL injection - Web Attacks (IP=88,US) 137.184.70.228 32 ZH None 2021-08-22 00:00:00 2021-11-20 00:00:00 None SQL injection - 6hr Web Attacks (IP=228,US) 137.184.74.123 24 ZH None 2021-08-22 00:00:00 2021-11-20 00:00:00 None SQL Injection and multiple signatures from across IP range - Imperva (IP=134,US) 137.184.76.17 32 AR None 2021-08-21 00:00:00 2021-11-19 00:00:00 None SQL injection - 6Hr Web Attack (IP=17,US) 137.184.76.39 32 AR None 2021-08-21 00:00:00 2021-11-19 00:00:00 None SQL injection - 6Hr Web Attack (IP=39,US) 137.208.57.37 32 NAB None 2021-08-04 00:00:00 2021-09-30 00:00:00 None HIVE Case #NA FP Security (IP=37,AT) | Unblocked - IP belongs to www[.]cran.r-project[.]org. CRAN is a dependency of R studio, an approved app in the app portal. 137.220.128.133 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 137.220.141.126 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=126,JP) 137.220.141.73 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=73,JP) 137.220.175.123 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None JP TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 137.220.175.190 24 RR None 2021-02-10 00:00:00 2021-05-11 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=190,KH) 137.220.175.63 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None KH TO-S-2020-0750 Malicious Email Activity 137.220.184.167 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None KH TO-S-2020-0493 Malware Activity 137.220.184.65 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None JP TO-S-2020-0838 Malicious Email Activity 137.220.201.10 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None JP TO-S-2021-0876 
Hive Case 4166 Malicious Email Activity 137.220.201.125 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None JP TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 137.220.201.223 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None JP Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 137.220.245.78 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=78,KH) 137.59.101.172 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=172,HK) 137.59.108.0 22 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=0,MY) 137.59.110.47 24 BMP None 2021-07-27 00:00:00 2021-10-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=47,MY) 137.59.187.107 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None SG TO-S-2021-0876 Hive Case 4166 Malware Activity 137.74.1.68 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None PL TO-S-2020-0805 Malicious Email Activity 137.74.106.111 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None FR TO-S-2021-0876 Hive Case 4166 Malware Activity 137.74.117.7 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=7,FR) 137.74.12.250 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None FR TO-S-2020-0750 Malicious Email Activity 137.74.148.93 24 RR None 2020-11-26 00:00:00 2021-02-24 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=93,FR) 137.74.157.80 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malware Activity 137.74.157.81 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malware Activity 137.74.157.82 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malware Activity 137.74.157.88 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malware 
Activity
137.74.157.89 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malware Activity
137.74.158.99 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None PT TO-S-2020-0459 Malware Activity
137.74.181.228 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None FR TO-S-2021-0949 Hive Case 4363 Malicious Email Activity
137.74.247.226 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=226,FR)
137.74.40.15 24 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=15,FR)
137.74.50.158 32 DT None 2020-10-06 00:00:00 2021-01-06 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT # 21C00046 (IP=158,FR)
137.74.85.17 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity
138.0.102.202 24 RB None 2021-02-11 00:00:00 2021-05-12 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=202,BR)
138.0.200.225 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
138.117.116.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity
138.117.120.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity
138.117.140.136 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web attacks (IP=136,GT)
138.117.148.0 24 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None CL TO-S-2020-0838 Malicious Email Activity
138.117.79.101 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=101,AR)
138.117.84.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CO Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
138.118.143.19 24 RT None 2021-09-20 00:00:00 2021-12-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01900 (IP=19,BR)
138.121.128.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity
138.121.202.190 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None SERVER-WEBAPP Oracle WebLogic Server command injection attempt - Web Attacks (IP=190,CO)
138.121.202.190 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None SERVER-WEBAPP Oracle WebLogic Server command injection attempt - Web Attacks (IP=190,CO)
138.121.202.190 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None SERVER-WEBAPP Oracle WebLogic Server command injection attempt - Web Attacks (IP=190,CO)
138.121.91.136 24 JKC None 2021-08-30 00:00:00 2021-11-28 00:00:00 None HIVE Case #NA AC HUNTER Malicious websites (IP=136,AR)
138.122.20.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity
138.122.79.130 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GR TO-S-2020-0303 Malicious Email Activity
138.128.167.226 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity
138.128.180.226 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
138.128.181.122 32 wmp None 2020-08-20 00:00:00 2021-09-29 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=122,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0838 Malicious Email Activity
138.128.185.164 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
138.130.138.252 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AU TO-S-2020-0298 Malicious Email Activity
138.185.120.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity
138.185.124.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity
138.185.140.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
138.185.32.0 22 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None BR TO-S-2020-0750 Malicious Email Activity
138.186.4.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
138.186.8.0 22 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None CL TO-S-2020-0805 Malicious Email Activity
138.19.164.135 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
138.197.102.225 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
138.197.104.223 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=223,US)
138.197.105.195 32 KD None 2021-06-07 00:00:00 2021-09-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability- Web Attacks (IP=195,US)
138.197.132.233 24 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=233,CA)
138.197.134.141 32 wmp None 2021-06-22 00:00:00 2021-09-22 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=141,CA)
138.197.135.224 24 RR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - Web Attacks (IP=224,CA)
138.197.135.55 32 wmp None 2021-03-11 00:00:00 2021-06-11 00:00:00 None ArcSight High Attacker (IP=55,CA)
138.197.137.58 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malware Activity
138.197.141.156 24 BMP None 2021-01-11 00:00:00 2021-04-11 00:00:00 None Backdoor.TROCHILUS - Hive Case 4744 (IP=156,CA)
138.197.155.68 32 wmp None 2020-09-22 00:00:00 2021-10-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=68,CA) | updated by dbc Block expiration extended with reason CA TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
138.197.161.29 24 BMP None 2021-03-27 00:00:00 2021-04-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=29,CA)| Unblocked - IP belongs to www.ijc.org
138.197.173.190 24 RR None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=190,CA)
138.197.178.170 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=170,DE)
138.197.178.170 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=170,DE) SQL injection - 6hr Web Attacks (IP=170,DE)
138.197.178.28 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=28,DE)
138.197.178.28 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=28,DE)
138.197.179.142 24 RB None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=142,DE)
138.197.181.109 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=109,DE)
138.197.185.208 32 RB None 2020-10-15 00:00:00 2021-01-13 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C00127 (IP=208,US)
138.197.188.42 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=42,DE)
138.197.189.135 24 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=135,DE)
138.197.190.34 24 CR None 2021-05-04 00:00:00 2021-08-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=34,DE)
138.197.191.0 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=0,DE)
138.197.199.149 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity
138.197.209.65 32 BMP None 2020-10-17 00:00:00 2021-01-15 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr Web Attacks (IP=65,US)
138.197.64.196 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=196,US)
138.197.65.237 32 wmp None 2021-04-29 00:00:00 2021-07-29 00:00:00 None Palo Alto Suspicious Scan Activity (IP=237,US)
138.197.66.230 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity
138.197.68.6 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
138.197.73.150 32 DT None 2021-04-16 00:00:00 2021-07-15 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=150,US)
138.197.74.48 32 DT None 2021-03-14 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=48,US) | updated by BMP Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=48,US) HTTP: PHPUn
138.197.74.48 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=48,US) | updated by BMP Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=48,US) HTTP: PHPUn
138.197.75.2 32 RW None 2021-08-18 00:00:00 2021-11-16 00:00:00 None Command Injection (IP=2,US)
138.197.89.132 32 FT None 2021-03-30 00:00:00 2021-08-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=132,US) | updated by RW Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=132,US) HTTP: ThinkPHP CMS Getshell Vulnerabil
138.197.89.132 32 RW None 2021-05-16 00:00:00 2021-08-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=132,US) | updated by RW Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=132,US) HTTP: ThinkPHP CMS Getshell Vulnerabil
138.197.9.1 32 BMP None 2021-06-10 00:00:00 2021-09-08 00:00:00 None SQL injection - 6hr Web Attacks (IP=1,US)
138.197.96.51 32 RB None 2018-07-21 05:00:00 2021-04-23 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=51 US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity
138.199.16.113 32 wmp None 2021-04-16 00:00:00 2021-07-16 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=113,FR)
138.199.50.51 32 KH None 2021-07-29 00:00:00 2021-10-27 00:00:00 None Self-Report/URL Manipulation - TT# 21C01496
138.201.142.125 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None DE TO-S-2020-0838 Malicious Email Activity
138.201.153.70 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None DE TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
138.201.160.37 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity
138.201.186.43 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
138.201.65.237 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None DE TO-S-2020-0805 Malicious Email Activity
138.201.79.102 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None DE TO-S-2020-0826 Hive Case 3950 Malicious Email Activity
138.204.144.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
138.204.56.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
138.219.252.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity
138.219.40.138 24 BMP None 2021-02-23 00:00:00 2021-05-24 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt (1:24343:4) - SourceFire (IP=38,AR)
138.238.248.233 32 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Hello Peppa Scan - IPS Events (IP=233,US)
138.246.253.24 32 wmp None 2021-03-11 00:00:00 2021-06-11 00:00:00 None ArcSight High Attacker (IP=24,DE)
138.255.105.232 24 SW None 2021-08-25 00:00:00 2021-11-23 00:00:00 None SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt - WebAttacks (IP=232, BR)
138.255.196.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity
138.255.207.70 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
138.36.104.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity
138.36.240.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity
138.59.172.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
138.59.204.0 22 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None HN TO-S-2020-0493 Malware Activity
138.59.244.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AR TO-S-2020-0331 Malicious Web Application Activity
138.68.0.148 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=148,US)
138.68.1.105 32 CR None 2019-07-08 00:00:00 2021-04-23 00:00:00 None SQL url ending in comment characters - possible sql injection attempt - SourceFire (IP=105,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity
138.68.108.109 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity
138.68.11.40 32 GED None 2020-12-04 00:00:00 2021-03-04 00:00:00 None HIVE Case #NA FP CIO Policy (IP=40,US)
138.68.12.60 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity
138.68.128.219 24 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=219,GB)
138.68.128.219 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00950 (IP=219,US)
138.68.130.180 24 DT None 2021-04-23 00:00:00 2021-07-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=180,GB)
138.68.135.24 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT # 21C00927 (IP=24,US)
138.68.135.7 32 wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=7,GB)
138.68.136.76 24 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=76,GB)
138.68.136.76 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00945 (IP=76,US)
138.68.137.168 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT # 21C00935 (IP=168,US)
138.68.138.128 24 RR None 2021-05-14 00:00:00 2021-08-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web attacks (IP=128,UK) | updated by RB Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=128,CB) HTTP: PHPUnit Remote Code
138.68.138.128 24 RW None 2021-05-08 00:00:00 2021-08-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web attacks (IP=128,UK) | updated by RB Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=128,CB) HTTP: PHPUnit Remote Code
138.68.138.128 24 RB None 2021-05-10 00:00:00 2021-08-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web attacks (IP=128,UK) | updated by RB Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=128,CB) HTTP: PHPUnit Remote Code
138.68.139.210 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT # 21C00942 and # 21C00943 (IP=210,US)
138.68.141.169 32 wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=169,GB)
138.68.145.134 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00938 (IP=134,US)
138.68.145.153 24 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=153,GB)
138.68.145.153 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT # 21C00929 (IP=153,US)
138.68.145.56 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT # 21C00937 (IP=56,US)
138.68.145.70 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00934 (IP=70,US)
138.68.148.113 32 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT# 21C00952 (IP=113,US)
138.68.148.170 32 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT# 21C00956 (IP=170,US)
138.68.148.213 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT # 21C00931 (IP=213,US)
138.68.148.220 24 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=220,GB)
138.68.148.220 32 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C00953 (IP=220,US)
138.68.148.41 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT # 21C00941 (IP=41,US)
138.68.149.30 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT # 21C00928 (IP=30,US)
138.68.149.48 24 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt - Web Attacks (IP=48,GB)
138.68.149.48 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT # 21C00930 (IP=48,US)
138.68.149.70 32 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts OGNL Code Execution TT# 21C00964 (IP=70,US)
138.68.150.49 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00936 (IP=49,US)
138.68.152.61 24 EE None 2021-04-08 00:00:00 2021-07-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=61,GB)
138.68.152.68 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT # 21C00932 (IP=68,US)
138.68.153.191 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00939 (IP=191,US)
138.68.153.231 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT # 21C00951 (IP=231,US)
138.68.153.251 24 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=251,GB)
138.68.153.251 32 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT# 21C00957 (IP=251,US)
138.68.153.95 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00944 (IP=95,US)
138.68.154.133 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None GB TO-S-2020-0315 Malware Activity
138.68.154.182 32 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT# 21C00954 (IP=182,US)
138.68.154.206 32 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT# 21C00955 (IP=206,US)
138.68.154.255 24 KD None 2021-09-04 00:00:00 2021-12-03 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SOURCEFIRE REPORT (IP=255,GB)
138.68.154.40 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT # 21C00933 (IP=40,US)
138.68.155.103 24 RW None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SERVER-WEBAPP VMWare vSphere Client remote code execution attempt - Web Attacks (IP=103,GB)
138.68.156.133 24 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=133,GB)
138.68.156.133 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00940 (IP=133,US)
138.68.160.192 24 BMP None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=192,GB)
138.68.161.204 24 KD None 2021-09-04 00:00:00 2021-12-03 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - SOURCEFIRE REPORT (IP=204,GB)
138.68.161.204 24 KD None 2021-09-04 00:00:00 2021-12-03 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - Web Attacks (IP=204,GB)
138.68.164.113 24 RB None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=113,GB)
138.68.165.154 24 EE None 2021-04-15 00:00:00 2021-08-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=154,GB) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=154,GB) HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks
138.68.165.154 24 RB None 2021-05-10 00:00:00 2021-08-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=154,GB) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=154,GB) HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks
138.68.166.36 32 wmp None 2021-05-10 00:00:00 2021-08-10 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=36,GB)
138.68.170.223 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=223,GB)
138.68.171.142 32 wmp None 2021-06-15 00:00:00 2021-09-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=142,GB)
138.68.176.190 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=190,GB)
138.68.180.98 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=98,GB)
138.68.184.169 24 BMP None 2021-05-06 00:00:00 2021-08-05 00:00:00 None rConfig SQL Injection Vulnerability - 6hr Web Attacks (IP=169,GB)
138.68.187.83 32 wmp None 2021-06-15 00:00:00 2021-09-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=83,GB)
138.68.189.162 32 CR None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=162,US)
138.68.189.162 32 CR None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=162,US)
138.68.190.34 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=34,GB)
138.68.208.152 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity
138.68.208.57 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity
138.68.22.230 32 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=230,US)
138.68.23.127 32 BMP None 2020-10-17 00:00:00 2021-01-15 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - 6hr Web Attacks (IP=127,US)
138.68.23.189 32 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=189,US)
138.68.23.43 32 DT None 2020-10-08 00:00:00 2021-01-06 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - 6hr web attacks (IP=43,US)
138.68.236.225 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
138.68.236.225 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
138.68.242.8 32 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=8,US)
138.68.249.70 32 GM None 2021-01-12 00:00:00 2021-04-12 00:00:00 None SERVER-WEBAPP Mantis Bug Tracker password reset attempt - Sourcefire (IP=70,US)
138.68.254.32 32 GM None 2021-01-03 00:00:00 2021-04-03 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=32,US)
138.68.27.116 32 BMP None 2021-01-11 00:00:00 2021-04-11 00:00:00 None Backdoor.TROCHILUS - Hive Case 4744 (IP=116,US)
138.68.31.136 32 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=136,US)
138.68.32.225 32 dbc None 2019-06-07 00:00:00 2021-08-25 00:00:00 None US TO-S-2019-0723 Malicious Email Activity | updated by srm Block was inactive. Reactivated on 20210527 with reason HIVE Case #5510 Proxy_Avoidance Firepower (IP=225,US) HIVE Case #5510 Proxy_Avoidance Firepower (IP=225,US)
138.68.32.225 32 srm None 2021-05-27 00:00:00 2021-08-25 00:00:00 None US TO-S-2019-0723 Malicious Email Activity | updated by srm Block was inactive. Reactivated on 20210527 with reason HIVE Case #5510 Proxy_Avoidance Firepower (IP=225,US) HIVE Case #5510 Proxy_Avoidance Firepower (IP=225,US)
138.68.41.65 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None US TO-S-2020-0601 Malicious Reconnaissance Activity
138.68.43.240 32 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=240,US)
138.68.57.207 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
138.68.63.197 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity
138.68.70.7 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=7,DE)
138.68.73.41 24 GM None 2020-11-03 00:00:00 2021-02-03 00:00:00 None Masscan TCP Port Scanner - FireEye CMS (IP=41,DE)
138.68.75.67 24 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=67,DE)
138.68.77.214 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - Web Attacks (IP=214,DE)
138.68.8.62 32 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire(IP=62,US)
138.68.80.145 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=145,DE)
138.68.80.145 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=145,DE)
138.68.81.231 24 RB None 2021-04-26 00:00:00 2021-07-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=231,DE)
138.68.81.231 24 RB None 2021-04-26 00:00:00 2021-07-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=231,DE)
138.68.95.44 24 RW None 2021-05-01 00:00:00 2021-08-01 00:00:00 None SQL injection - Web attacks (IP=44,DE)
138.75.177.73 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None SG TO-S-2020-0315 Malware Activity
138.81.131.232 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity
138.91.244.26 32 WR None 2021-07-21 00:00:00 2021-10-19 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01466 (IP=26,US)
138.94.160.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
138.94.216.5 32 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=5,US)
138.94.236.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity
138.97.136.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity
138.97.224.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity
139.130.242.43 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AU TO-S-2021-0876 Hive Case 4166 Malware Activity
139.155.124.81 24 BMP None 2021-04-27 00:00:00 2021-07-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=164,CN)
139.155.226.4 24 EE None 2021-02-07 00:00:00 2021-05-07 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 HR Web Attack (IP=4,CN)
139.155.228.9 24 ZH None 2021-07-03 00:00:00 2021-10-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=9,CN)
139.155.231.29 24 DT None 2020-11-07 00:00:00 2021-02-07 00:00:00 None SERVER-WEBAPP ThinkPHP
139.155.234.173 24 DT None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=173,CN)
139.155.238.181 24 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=181,CN)
139.155.26.47 24 DT None 2020-12-03 00:00:00 2021-03-03 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=47,CN)
139.155.29.40 24 RR None 2020-11-08 00:00:00 2021-02-06 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=40,CN)
139.155.55.182 24 RR None 2020-11-03 00:00:00 2021-02-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attcks (IP=182,CN)
139.159.176.185 24 BMP None 2021-04-18 00:00:00 2021-07-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=CN,185)
139.159.180.254 24 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=254,CN)
139.159.180.254 24 DT None 2021-06-23 00:00:00 2021-09-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=254,CN)
139.159.225.112 24 RR None 2021-05-24 00:00:00 2021-08-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=112,CN)
139.162.1.180 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SG Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
139.162.106.181 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None JP TO-S-2018-1177 associated with malicious web activity | updated by GLM Block was inactive. Reactivated on 20210403 with reason MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=181,US) MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP
139.162.106.181 32 dcg None 2018-09-25 05:00:00 2021-07-02 00:00:00 None JP TO-S-2018-1177 associated with malicious web activity | updated by GLM Block was inactive. Reactivated on 20210403 with reason MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=181,US) MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP
139.162.11.100 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=100,SG)
139.162.136.153 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=153,DE)
139.162.143.106 24 UA None 2021-07-11 00:00:00 2021-10-09 00:00:00 None SQL HTTP URI blind injection attempt (1:49666:2) - Sourcefire (IP=106,DE)
139.162.143.106 24 UA None 2021-07-11 00:00:00 2021-10-09 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=106,DE)
139.162.144.244 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Web Application Activity
139.162.145.250 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None ArcSight High Attacker (IP=250,DE) | updated by wmp Block was inactive. Reactivated on 20210514 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=250,DE) ArcSight ESM High Attacker Suspicious Scan Activity (IP=250,DE)
139.162.145.250 32 wmp None 2021-02-12 00:00:00 2021-08-14 00:00:00 None ArcSight High Attacker (IP=250,DE) | updated by wmp Block was inactive. Reactivated on 20210514 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=250,DE) ArcSight ESM High Attacker Suspicious Scan Activity (IP=250,DE)
139.162.147.137 32 wmp None 2021-03-11 00:00:00 2021-06-11 00:00:00 None ArcSight High Attacker (IP=137,DE)
139.162.155.88 32 wmp None 2021-06-15 00:00:00 2021-09-15 00:00:00 None ArcSight High Attacker (IP=88,DE) | updated by wmp Block was inactive. Reactivated on 20210615 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=88,DE) ArcSight ESM High Attacker Suspicious Scan Activity (IP=88,DE)
139.162.155.88 32 wmp None 2021-03-11 00:00:00 2021-09-15 00:00:00 None ArcSight High Attacker (IP=88,DE) | updated by wmp Block was inactive. Reactivated on 20210615 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=88,DE) ArcSight ESM High Attacker Suspicious Scan Activity (IP=88,DE)
139.162.156.129 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=129,DE)
139.162.157.41 24 RW None 2020-12-27 00:00:00 2021-03-27 00:00:00 None FTP Login Failed - 6 hr failed logons (IP=41,DE)
139.162.159.250 24 SW None 2021-07-22 00:00:00 2021-10-20 00:00:00 None SQL injection - WebAttacks (IP=250, DE)
139.162.164.100 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=100,DE)
139.162.169.180 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity
139.162.170.190 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity
139.162.175.230 24 KD None 2021-07-20 00:00:00 2021-10-18 00:00:00 None SERVER-WEBAPP Adobe Experience Manager server side request forgery attempt (1:53688:1) - Source Fire (IP=230,DE)
139.162.175.247 24 KD None 2021-07-20 00:00:00 2021-10-18 00:00:00 None SERVER-WEBAPP Adobe Experience Manager server side request forgery attempt (1:53687:1) - Source Fire (IP=247,DE)
139.162.178.215 32 NAB None 2021-05-10 00:00:00 2021-11-10 00:00:00 None HIVE Case #NA FP Security (IP=215,DE)
139.162.180.99 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=99,DE)
139.162.189.189 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity
139.162.191.76 24 EE None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=76,DE) | updated by RW Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=76,DE)
139.162.191.76 24 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=76,DE) | updated by RW Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=76,DE)
139.162.194.115 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=115,GB)
139.162.196.96 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity
139.162.197.170 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity
139.162.20.166 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None SG TO-S-2020-0750 Malicious Email Activity
139.162.202.229 32 wmp None 2021-06-15 00:00:00 2021-09-15 00:00:00 None ArcSight High Attacker (IP=229,GB) | updated by wmp Block was inactive. Reactivated on 20210615 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=229,GB) ArcSight ESM High Attacker Suspicious Scan Activity (IP=229,GB)
139.162.202.229 32 wmp None 2021-03-11 00:00:00 2021-09-15 00:00:00 None ArcSight High Attacker (IP=229,GB) | updated by wmp Block was inactive. Reactivated on 20210615 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=229,GB) ArcSight ESM High Attacker Suspicious Scan Activity (IP=229,GB)
139.162.202.23 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None GB TO-S-2020-0228 Malicious Web Application Activity
139.162.202.236 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None GB TO-S-2020-0228 Malicious Web Application Activity
139.162.203.105 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=105,UK)
139.162.235.160 24 BMP None 2021-01-11 00:00:00 2021-04-11 00:00:00 None Backdoor.TROCHILUS - Hive Case 4744 (IP=160,GB)
139.162.242.111 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity
139.162.243.162 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
139.162.245.206 24 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=206,GB)
139.162.246.7 32 wmp None 2021-06-15 00:00:00 2021-09-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=7,GB)
139.162.247.102 32 wmp None 2021-06-10 00:00:00 2021-09-10 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=102,GB)
139.162.25.145 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=145,SG)
139.162.254.78 32 wmp None 2021-06-15 00:00:00 2021-09-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=78,GB)
139.162.28.253 24 EE None 2021-03-03 00:00:00 2021-06-02 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - Web Attacks (IP=253,SG)
139.162.28.253 24 DT None 2021-03-03 00:00:00 2021-06-02 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - Sourcefire (IP=253,sg)
139.162.29.219 24 RB None 2021-03-11 00:00:00 2021-06-09 00:00:00 None
HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=219,SG) 139.162.31.48 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks(IP=48,SG) 139.162.32.0 19 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None SG TO-S-2020-0750 Malicious Email Activity 139.162.72.47 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None JP TO-S-2021-1007 Malicious Email Activity 139.162.75.91 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None JP TO-S-2020-0315 Malicious Email Activity 139.167.189.46 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IN TO-S-2021-0876 Hive Case 4166 Malware Activity 139.177.191.185 24 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=185,SG) 139.177.193.88 24 CR None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=88,CA) 139.177.193.88 24 CR None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=88,CA) 139.177.194.10 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=10,CA) 139.177.195.82 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=82,CA) 139.180.128.184 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None SG TO-S-2020-0750 Malicious Email Activity 139.180.133.181 32 wmp None 2020-10-22 00:00:00 2021-01-20 00:00:00 None HIVE Case #4172 CTO-20-295 (IP=181,SG) 139.180.138.139 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=139,SG) 139.180.144.217 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 
None SG TO-S-2020-0315 Malware Activity 139.180.191.114 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=114,SG) 139.180.191.114 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=114,SG) 139.180.191.114 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=114,SG) 139.180.213.174 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=174,SG) 139.180.213.59 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None SG TO-S-2020-0503 Malicious Email Activity 139.180.219.205 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 139.186.122.74 24 EE None 2021-04-13 00:00:00 2021-07-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=74,CN) 139.186.151.48 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=48,CN) 139.190.238.75 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=75,PK) 139.195.31.134 24 ZH None 2021-08-29 00:00:00 2021-11-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=134,ID) 139.195.52.240 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 139.196.100.99 24 DT None 2021-04-13 00:00:00 2021-07-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=99,CN) 139.196.120.124 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None TCP: SYN Host Sweep (IP=124,CN) 139.196.141.28 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=28,CN) 139.196.161.84 32 wmp None 
2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=84,CN) 139.196.163.182 24 BMP None 2020-12-13 00:00:00 2021-03-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=182,CN) 139.196.184.136 24 DT None 2021-09-06 00:00:00 2021-12-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=136,CN) 139.196.221.41 24 RR None 2021-06-14 00:00:00 2021-09-12 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=41,CN) 139.196.240.47 24 RR None 2021-04-15 00:00:00 2021-07-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=47,CN) 139.196.34.228 32 RT None 2021-09-26 00:00:00 2021-12-25 00:00:00 None FTKNOX_HRC_IPS - TT# 21C01959 (IP=228,US) 139.196.54.126 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=126,CN) 139.196.82.173 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=173,CN) 139.198.126.22 32 FT None 2020-10-31 00:00:00 2021-01-31 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Atacks (IP=22,CN) 139.198.19.70 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=70,CN) 139.198.26.62 24 KD None 2021-09-14 00:00:00 2021-12-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability- 6HR WebAttack (IP=62,CN) 139.198.29.122 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=122,CN) 139.199.141.63 24 ZH None 2021-06-24 00:00:00 2021-09-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=63,CN) | updated by ZH Block was inactive. 
Reactivated on 20210624 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=63,CN) HTTP: PHPUnit 139.199.141.63 24 BMP None 2021-03-13 00:00:00 2021-09-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=63,CN) | updated by ZH Block was inactive. Reactivated on 20210624 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=63,CN) HTTP: PHPUnit 139.199.22.202 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=202,CN) 139.199.22.202 24 SW None 2021-05-27 00:00:00 2021-08-25 00:00:00 None Hello Peppa Scan - IPS Event (IP=202,CN) 139.199.36.88 24 GM None 2021-03-04 00:00:00 2021-06-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=88,CN) 139.199.37.54 24 RR None 2020-10-09 00:00:00 2021-01-07 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=54,CN) 139.199.37.54 32 FT None 2020-10-18 00:00:00 2021-01-18 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) TT# 21C00147 (IP=54,CN) 139.199.65.226 24 RW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=226,CN) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=226,CN) | updated by KF Block was inactive. Reactivated on 20200508 with reason 139.199.65.226 24 RW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=226,CN) 139.199.65.226 24 RR None 2018-12-08 06:00:00 2021-08-30 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected (IP=226,CN) | updated by RR with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (IP=226,CN) | updated by KF Block was inactive. 
Reactivated on 20200508 with reason 139.205.226.26 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None Firepower Suspicious Scan Activty (IP=26,CN) 139.205.226.26 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None Firepower Suspicious Scan Activty (IP=26,CN) 139.217.134.138 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 139.217.203.190 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=190,CN) 139.217.235.91 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None CN TO-S-2020-0698 Malicious Reconnaissance Activity 139.217.84.94 32 nab None 2021-07-23 00:00:00 2021-10-23 00:00:00 None HIVE Case #NA SSH Brute Force Attempt (IP=94,CN) 139.217.84.94 24 RR None 2021-07-23 00:00:00 2021-10-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SSH Scans (IP=94,CN) 139.224.104.121 24 AR None 2021-09-18 00:00:00 2021-12-21 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT#21C01885 (IP=121,CN) 139.224.136.69 24 BB None 2021-08-17 00:00:00 2021-11-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=69,CN) 139.224.163.0 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=0,CN) 139.224.210.153 24 RB None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=153,CN) 139.224.72.224 32 wmp None 2021-02-11 00:00:00 2021-05-11 00:00:00 None Firepower Suspicious Scan Activity (IP=224,CN) 139.224.81.158 24 KD None 2021-06-11 00:00:00 2021-09-10 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1)- Source fire (IP=158,CN) 139.227.46.137 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=137,CN) 139.227.47.249 24 KH None 2021-07-27 00:00:00 
2021-10-25 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=249,CN) 139.255.149.122 24 KD None 2021-06-03 00:00:00 2021-09-03 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=122,ID) 139.255.24.250 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 139.255.64.0 19 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None ID TO-S-2020-0838 Malware Activity 139.28.219.236 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=236,FR) 139.45.195.114 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=114,undefined) 139.45.196.3 32 NAB None 2021-02-16 00:00:00 2021-05-17 00:00:00 None HIVE Case #NA FP Security (IP=3,GB) 139.45.196.67 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malware Activity 139.5.146.80 24 DT None 2021-04-09 00:00:00 2021-07-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=80,TH) 139.5.147.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TH Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 139.5.220.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 139.59.119.86 24 FT None 2021-04-24 00:00:00 2021-07-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=86,SG) 139.59.126.170 24 CR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6 hr web attack (IP=170,SG) 139.59.127.91 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks(IP=91,SG) 139.59.129.96 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=96,DE) 139.59.142.25 24 RB None 2021-04-06 00:00:00 2021-07-05 00:00:00 None 
HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=25,DE) 139.59.143.222 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=222,DE) 139.59.145.232 32 wmp None 2021-02-08 00:00:00 2021-05-08 00:00:00 None Firepower Suspicious Scan Activity (IP=232,DE) 139.59.146.186 24 BMP None 2021-05-13 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=186,DE) | updated by BMP Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=186,DE) HTTP: ThinkPHP CMS Getshell Vulnerability - 139.59.146.186 24 RB None 2021-03-24 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=186,DE) | updated by BMP Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=186,DE) HTTP: ThinkPHP CMS Getshell Vulnerability - 139.59.146.186 24 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=186,DE) | updated by BMP Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=186,DE) HTTP: ThinkPHP CMS Getshell Vulnerability - 139.59.146.186 32 AR None 2021-08-28 00:00:00 2021-11-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 21C01632 (IP=186,US) 139.59.146.186 32 AR None 2021-08-28 00:00:00 2021-11-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 21C01632 (IP=186,US) HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 21C01632 (IP=186,US) 139.59.146.186 24 GM None 2021-03-24 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=186,DE) | updated by BMP Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr 
Web Attacks (IP=186,DE) HTTP: ThinkPHP CMS Getshell Vulnerability - 139.59.146.186 24 RW None 2021-05-20 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=186,DE) | updated by BMP Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=186,DE) HTTP: ThinkPHP CMS Getshell Vulnerability - 139.59.150.48 24 BMP None 2021-05-10 00:00:00 2021-08-08 00:00:00 None Malware Object Download - FireEye Web (IP=48,DE) 139.59.150.48 24 BMP None 2021-05-10 00:00:00 2021-08-08 00:00:00 None Malware Object Download - FireEye Web (IP=48,DE) Malware Object Download - FireEye Web (IP=48,DE) 139.59.150.74 24 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=11,DE) 139.59.151.85 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None Firepower Suspicious Scan Activty (IP=85,DE) 139.59.157.29 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=29,DE) 139.59.159.128 24 wmp None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Palo Alto Suspicious Scan Activity (IP=128,DE) 139.59.167.79 24 CR None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=79,GB) 139.59.167.79 24 CR None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=79,GB) 139.59.170.240 24 CR None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=240,GB) 139.59.170.240 24 CR None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=240,GB) 139.59.173.144 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00924 (IP=144,GB) 
139.59.175.137 24 CR None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=137,GB) 139.59.175.137 24 CR None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=137,GB) 139.59.179.181 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=181,CA) 139.59.181.255 24 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attacks (IP=255,GB) 139.59.181.255 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT # 21C00922 (IP=255,GB) 139.59.185.72 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability TT# 21C00962 (IP=72,GB) 139.59.187.185 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=185,GB) 139.59.187.185 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=185,GB) 139.59.188.18 24 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=18,GB) 139.59.188.18 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00926 (IP=18,GB) 139.59.191.232 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=232,GB) 139.59.2.188 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=188,IN) 139.59.21.157 24 RW None 2021-05-09 00:00:00 
2021-08-09 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=157,IN) 139.59.214.129 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=129,DE) 139.59.224.172 24 EE None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=172,SG) | updated by RW Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=172,S 139.59.224.172 24 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=172,SG) | updated by RW Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=172,S 139.59.230.97 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=97,SG) 139.59.232.245 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=245,SG) 139.59.236.157 24 RR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=157,SG) 139.59.236.157 32 wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None Palo Alto Suspicious Scan Activity (IP=157,SG) 139.59.242.84 24 BMP None 2021-04-10 00:00:00 2021-07-10 00:00:00 None CitrixNetScalerGateway - Hive Case 5233 (IP=84,SG) | updated by RW Block expiration extended with reason SERVER-WEBAPP Ulterius web server directory traversal attempt - Sourcefire (IP=84,SG) SERVER-WEBAPP Ulterius web server directory traversal attempt 139.59.242.84 24 RW None 2021-04-10 00:00:00 2021-07-10 00:00:00 None CitrixNetScalerGateway - Hive Case 5233 (IP=84,SG) | updated by RW Block expiration extended with reason 
SERVER-WEBAPP Ulterius web server directory traversal attempt - Sourcefire (IP=84,SG) SERVER-WEBAPP Ulterius web server directory traversal attempt 139.59.243.116 24 DT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=79,SG) 139.59.244.186 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=186,SG) 139.59.248.159 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=159,SG) 139.59.251.214 24 RB None 2021-04-13 00:00:00 2021-07-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=214,SG) 139.59.29.37 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=37,IN) 139.59.30.115 24 RR None 2020-12-04 00:00:00 2021-03-04 00:00:00 None SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=115,IN) 139.59.30.205 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=205,IN) 139.59.38.122 24 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=122,IN) 139.59.42.108 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=108,IN) 139.59.46.174 24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=174,IN) 139.59.59.99 24 WR None 2021-05-26 00:00:00 2021-08-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 hr web attacks (IP=99, IN) 139.59.59.99 24 WR None 2021-05-26 00:00:00 2021-08-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 hr web attacks (IP=99, IN) 139.59.6.58 24 GM None 
2021-04-03 00:00:00 2021-07-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=58,IN) 139.59.61.51 24 RB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=51,IN) 139.59.62.109 24 BMP None 2021-02-16 00:00:00 2021-05-15 00:00:00 None SERVER-WEBAPP Cisco Ultra Services Framework command injection attempt - 6hr Web Attacks (IP=109,IN) 139.59.63.126 24 RW None 2021-05-09 00:00:00 2021-08-09 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=126,IN) 139.59.64.91 24 RR None 2021-02-20 00:00:00 2021-05-21 00:00:00 None SERVER-WEBAPP JBoss admin-console access - SourceFire (IP=91,IN) 139.59.71.173 24 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=173,IN) 139.59.78.47 32 RR None 2020-09-01 00:00:00 2021-04-06 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 20C03805 (IP=47,IN) | updated by GM Block was inactive. 
Reactivated on 20210106 with reason HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00385 (IP=47,IN) 139.59.81.90 24 CR None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=90,IN) 139.59.81.90 24 CR None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=90,IN) 139.59.82.168 24 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP DrayTek multiple products command injection attempt (1:53589:2) - Sourcefire Rpt (IP=168,IN) 139.59.82.243 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=243,IN) 139.59.82.243 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=243,IN) 139.59.82.243 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=243,IN) 139.59.84.189 24 RR None 2021-05-22 00:00:00 2021-08-20 00:00:00 None FTP Login Failed - Failed Logons (IP=189,IN) 139.59.85.190 24 KD None 2021-06-08 00:00:00 2021-09-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerabilityt- Web Attacks (IP=190,IN) 139.59.9.61 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=61,IN) 139.59.91.112 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=112,IN) 139.59.98.176 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=176,SG) 139.60.184.102 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=102,PR) 139.64.245.88 24 GM None 2020-12-19 00:00:00 2021-03-19 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=88,CA) 139.9.123.121 32 KH None 2021-09-29 00:00:00 
2021-12-28 00:00:00 None FTKNOX_HRC_IPS - TT# 21C02008 (IP=121,CN) 139.9.123.121 32 KH None 2021-09-29 00:00:00 2021-12-28 00:00:00 None FTKNOX_HRC_IPS - TT# 21C02008 (IP=121,CN) 139.9.123.121 32 KH None 2021-09-29 00:00:00 2021-12-28 00:00:00 None FTKNOX_HRC_IPS - TT# 21C02008 (IP=121,CN) 139.9.123.121 32 KH None 2021-09-29 00:00:00 2021-12-28 00:00:00 None FTKNOX_HRC_IPS - TT# 21C02008 (IP=121,CN) 139.9.123.121 32 KH None 2021-09-29 00:00:00 2021-12-28 00:00:00 None FTKNOX_HRC_IPS - TT# 21C02008 (IP=121,CN) 139.9.151.231 24 RB None 2021-03-18 00:00:00 2021-06-16 00:00:00 None SERVER-WEBAPP JBoss admin-console access - Sourcefire (IP=231,CN) 139.9.173.7 24 BB None 2021-08-07 00:00:00 2021-11-05 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=7,CN) 139.9.198.174 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=174,CN) 139.9.202.125 24 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=125,CN) 139.9.202.125 24 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=125,CN) 139.9.66.224 24 KD None 2021-06-10 00:00:00 2021-09-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Source Fire (IP=224,CN) 139.9.75.6 24 RR None 2021-03-04 00:00:00 2021-06-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=6,CN) 139.9.92.188 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=188,CN) 139.91.183.79 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=79,GR) 139.99.103.70 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None SG TO-S-2020-0750 Malicious Email Activity 139.99.115.204 17 CJC None 2020-12-13 00:00:00 2021-12-13 00:00:00 None 
Hive Case # 4481 - FireEye Blog IP related to SunBurst Backdoor (IP=204,SG) 139.99.133.186 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=186,AU) 139.99.137.192 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=192,AU) 139.99.138.251 32 wmp None 2020-08-20 00:00:00 2021-10-21 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=251,AU) | updated by dbc Block expiration extended with reason AU TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 139.99.144.53 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None AU TO-S-2020-0493 Malware Activity 139.99.157.213 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AU TO-S-2021-0876 Hive Case 4166 Malware Activity 139.99.167.177 24 EE None 2021-06-29 00:00:00 2021-09-27 00:00:00 None HIVE Case #5669 IOC_ Nobelium (IP=177,AU) 139.99.186.165 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None AU TO-S-2020-0303 Malicious Email Activity 139.99.22.94 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None SG TO-S-2020-0369 Malicious Email Activity 139.99.33.151 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SG Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 139.99.9.198 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None SG TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 14.102.17.222 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 14.102.18.188 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 14.102.44.156 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 14.102.49.28 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 14.102.93.178 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious 
Reconnaissance Activity 14.102.94.83 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 14.102.97.204 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=204,IN) 14.105.94.178 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=178,CN) 14.105.94.37 24 BMP None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=37,CN) 14.106.242.190 24 CR None 2021-05-18 00:00:00 2021-08-16 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - Web Attacks (IP=190,CN) 14.106.244.90 24 UA None 2021-05-20 00:00:00 2021-08-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=90,CN) 14.106.245.197 24 BMP None 2021-05-08 00:00:00 2021-08-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=197,CN) 14.12.49.64 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None JP Hive Case 4237 TO-S-2021-0910 Malware Activity 14.135.120.21 24 CW None 2019-10-24 00:00:00 2021-04-26 00:00:00 None Generic ArcSight scan attempt (IP=21,CN) | updated by EE Block was inactive. 
Reactivated on 20210126 with reason INDICATOR-SCAN DNS (1:42785:4) - Sourcefire (IP=21,CN) 14.136.94.164 24 RR None 2021-05-19 00:00:00 2021-08-17 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=164,HK) 14.139.160.211 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IN TO-S-2020-0535 Malicious Email Activity 14.139.160.213 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IN TO-S-2020-0535 Malicious Email Activity 14.139.180.87 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IN TO-S-2020-0535 Malicious Email Activity 14.139.186.14 24 FT None 2020-11-25 00:00:00 2021-02-25 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=186,IN) 14.139.224.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 14.141.87.51 24 RW None 2021-03-08 00:00:00 2021-06-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=51,IN) 14.152.34.77 24 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=77,CN) 14.161.120.120 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=120,VN) 14.161.48.201 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=201,VN) 14.163.85.228 24 RW None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 hr failed logons (IP=228,PK) 14.165.242.213 24 KD None 2021-09-01 00:00:00 2021-11-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt -6hr Failed Logons (IP=213,VN) 14.166.125.26 24 KD None 2021-09-05 00:00:00 2021-12-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=26,VN) 14.170.154.192 24 RB None 2021-04-27 00:00:00 2021-07-26 00:00:00 None INDICATOR-SCAN SSH brute force login attempt- Sourcefire (IP=192,VN) 14.170.154.192 24 RR None 
2021-04-27 00:00:00 2021-07-26 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=192,VN) 14.170.59.81 24 KH None 2021-06-30 00:00:00 2021-09-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=81,VN) 14.173.101.156 24 ZH None 2021-07-15 00:00:00 2021-10-13 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=156,VN) 14.18.109.223 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None TCP: SYN Host Sweep (IP=223,CN) 14.187.202.97 24 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None Apache mod_cgi Bash Environment Variable Code Injection - 6 HR Web Attack (IP=97,VN) | updated by RT Block was inactive. Reactivated on 20210527 with reason POLICY-OTHER PHP uri tag injection attempt - Sourcefire Report (IP=97,VN) POLICY-OTHER PHP uri 14.187.202.97 24 EE HTTP: None 2021-01-26 00:00:00 2021-08-25 00:00:00 None Apache mod_cgi Bash Environment Variable Code Injection - 6 HR Web Attack (IP=97,VN) | updated by RT Block was inactive. Reactivated on 20210527 with reason POLICY-OTHER PHP uri tag injection attempt - Sourcefire Report (IP=97,VN) POLICY-OTHER PHP uri 14.187.202.97 24 RW None 2021-01-26 00:00:00 2021-08-25 00:00:00 None Apache mod_cgi Bash Environment Variable Code Injection - 6 HR Web Attack (IP=97,VN) | updated by RT Block was inactive. 
Reactivated on 20210527 with reason POLICY-OTHER PHP uri tag injection attempt - Sourcefire Report (IP=97,VN) POLICY-OTHER PHP uri 14.199.190.88 24 RR None 2021-06-07 00:00:00 2021-09-05 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=88,HK) 14.200.148.87 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AU TO-S-2020-0331 Malicious Web Application Activity 14.201.11.188 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None AU TO-S-2020-0493 Malware Activity 14.202.114.46 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AU TO-S-2020-0298 Malicious Email Activity 14.202.150.6 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=6,AU) 14.207.126.161 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None TH TO-S-2020-0838 Malware Activity 14.207.203.65 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity 14.207.75.228 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TH TO-S-2020-0298 Malicious Email Activity 14.22.240.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None VN TO-S-2020-0298 Malicious Email Activity 14.224.128.0 20 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,VN) 14.226.240.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None VN TO-S-2020-0298 Malicious Email Activity 14.227.201.55 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 14.228.104.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN) 14.228.139.37 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 14.228.241.0 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=0,VN) 14.229.202.177 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 
None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 14.229.47.25 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logon (IP=25,VN) 14.229.92.200 24 EE None 2021-01-13 00:00:00 2021-04-13 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SOURCEFIRE (IP=200,VN) 14.23.106.202 24 RR None 2020-10-20 00:00:00 2021-01-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=202,CN) 14.231.128.0 20 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,VN) 14.231.132.153 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None VN TO-S-2020-0331 Malicious Web Application Activity 14.232.132.14 24 RR None 2021-06-21 00:00:00 2021-09-19 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logns (IP=14,VN) 14.232.33.212 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=212,VN) 14.233.94.75 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 14.234.144.0 20 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None VN TO-S-2021-0876 Hive Case 4166 Malware Activity 14.234.85.118 24 EE None 2021-02-07 00:00:00 2021-05-08 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 HR Failed Logons (IP=118,VN) 14.236.80.0 20 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None VN TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 14.240.121.121 32 wmp None 2021-05-28 00:00:00 2021-08-28 00:00:00 None Palo Alto Suspicious Scan Activity (IP=121,VN) 14.240.166.66 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None VN TO-S-2020-0331 Malicious Web Application Activity 14.241.112.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN) 14.241.185.197 24 WR None 2021-06-23 00:00:00 2021-09-21 00:00:00 None INDICATOR-SCAN SSH 
brute force login attempt (1:19559:13) - Sourcefire Report (IP=197,VN) 14.241.209.27 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=27,VN) 14.241.239.2 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=2,VN) 14.241.240.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN) 14.241.90.33 24 EEI None 2021-01-26 00:00:00 2021-04-26 00:00:00 None NDICATOR-SCAN SSH brute force login attempt - 6 HR Failed Logons (IP=33,VN) 14.242.115.240 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 14.242.151.92 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None VN TO-S-2020-0331 Malicious Web Application Activity 14.243.16.0 20 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None VN TO-S-2020-0750 Malicious Email Activity 14.245.112.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN) 14.245.80.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN) 14.245.96.0 20 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None VN TO-S-2021-1007 Malware Activity 14.246.111.148 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None VN TO-S-2020-0331 Malicious Web Application Activity 14.246.176.0 20 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,VN) 14.246.233.101 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 14.246.52.65 24 BMP None 2020-11-14 00:00:00 2021-02-22 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=65,VN) 14.246.64.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None VN Hive Case 4237 TO-S-2021-0910 Malware Activity 14.247.32.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None VN TO-S-2020-0298 Malicious Email Activity 14.248.110.134 32 
dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=134,VN) 14.248.157.38 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 14.248.160.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malware Activity 14.248.62.130 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 14.249.224.0 20 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None VN TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 14.249.64.214 24 BMP None 2021-03-16 00:00:00 2021-06-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=214,VN) 14.250.128.0 20 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,VN) 14.250.45.46 24 BMP None 2021-03-08 00:00:00 2021-06-08 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=46,VN) 14.251.142.85 24 BMP None 2021-01-14 00:00:00 2021-04-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=85,VN) 14.251.205.3 24 RR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=3,VN) 14.254.0.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None VN TO-S-2021-0876 Hive Case 4166 Malware Activity 14.254.33.111 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None VN TO-S-2020-0331 Malicious Web Application Activity 14.254.96.0 19 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,VN) 14.255.16.198 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 14.29.254.1 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepwer Suspicious Scan Activity (IP=1,CN) 14.49.37.210 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 
Malicious Reconnaissance Activity 14.55.121.238 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KR TO-S-2020-0298 Malicious Email Activity 14.63.168.98 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=98,KR) 14.63.174.196 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=196,KR) 14.63.218.195 24 RB None 2020-10-07 00:00:00 2021-01-05 00:00:00 None Hello Peppa Scan - 6hr web attacks (IP=195,KR) 14.98.161.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity 14.98.19.205 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IN TO-S-2020-0535 Malicious Email Activity 14.98.201.98 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity 140.112.36.193 24 EE None 2021-02-07 00:00:00 2021-05-08 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=192,TW) 140.118.175.200 24 BMP None 2020-10-06 00:00:00 2021-01-06 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=200,TW) 140.143.16.21 24 AR None 2021-07-19 00:00:00 2021-10-17 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=21,CN) 140.143.17.184 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=184,CN) 140.143.170.131 24 EE None 2021-01-10 00:00:00 2021-04-10 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=131,CN) 140.143.193.243 32 wmp None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=243,CN) 140.143.201.52 24 EE None 2020-12-29 00:00:00 2021-03-29 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - 6 HR Web Attack (IP=52,CN) 140.143.64.191 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 
None Firepower Suspicious Scan Activity (IP=191,CN) 140.148.225.123 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MX TO-S-2020-0298 Malicious Email Activity 140.148.230.57 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MX TO-S-2020-0298 Malicious Email Activity 140.203.155.137 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP= 137,IE) 140.206.223.59 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=59,CN) 140.206.86.124 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=124,CN) 140.206.86.125 32 wmp None 2021-05-28 00:00:00 2021-08-28 00:00:00 None Palo Alto Suspicious Scan Activity (IP=125,CN) 140.206.86.125 24 RW None 2020-08-20 00:00:00 2021-10-13 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=125,CN) | updated by RR Block was inactive. Reactivated on 20210715 with reason SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Web Attacks (IP=125,CN) 140.210.90.75 32 srm None 2021-02-05 00:00:00 2021-12-10 00:00:00 None Firepower Suspicious Scan Activity (IP=75,CN) | updated by AR Block was inactive. Reactivated on 20210911 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01820 (IP=75,US) HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01820 (IP=75,US) 140.210.90.75 32 AR None 2021-09-11 00:00:00 2021-12-10 00:00:00 None Firepower Suspicious Scan Activity (IP=75,CN) | updated by AR Block was inactive. 
Reactivated on 20210911 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01820 (IP=75,US) HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01820 (IP=75,US) 140.210.90.91 24 RR None 2021-05-05 00:00:00 2021-08-03 00:00:00 None SSH User Authentication Brute Force Attempt - Failed Logons (IP=91,CN) 140.213.147.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ID TO-S-2021-0876 Hive Case 4166 Malware Activity 140.238.177.83 32 srm None 2021-02-05 00:00:00 2021-08-12 00:00:00 None HIVE Case #Firepower Firepower (IP=83,BR) | updated by srm Block was inactive. Reactivated on 20210514 with reason Firepower Suspicious Scan Activity (IP=83,BR) 140.238.180.28 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=28,BR) 140.238.242.141 32 EE None 2021-04-12 00:00:00 2021-07-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=141,US) 140.238.243.4 24 DT None 2021-04-05 00:00:00 2021-07-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=4,IN) 140.238.29.164 24 UA None 2021-06-23 00:00:00 2021-09-21 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01358 (IP=164,KR) 140.249.20.167 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=167,CN) 140.249.50.137 24 KH None 2021-09-05 00:00:00 2021-12-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=137,CN) 140.32.108.252 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=252,US) 140.82.114.9 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None DE TO-S-2020-0698 Malicious Email Activity 140.82.18.98 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SQL injection - 6hr Web Attacks (IP=98,US) 140.82.18.98 24 DT None 2021-04-04 00:00:00 2021-07-03 00:00:00 None Self Report/Scan TT# 21C00977 
(IP=98,US) 140.82.54.233 24 DT None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=233,FR) 140.82.57.84 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malicious Email Activity 140.82.62.244 32 DT None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 21C01007 (IP=244,US) 140.86.39.132 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malware Activity 141.0.202.242 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None FR TO-S-2020-0236 Malicious Email Activity 141.105.109.145 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ES TO-S-2020-0303 Malicious Email Activity 141.134.198.167 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None BE TO-S-2020-0459 Malware Activity 141.136.64.0 19 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None AM TO-S-2020-0838 Malware Activity 141.138.142.126 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malicious Email Activity 141.138.168.128 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 141.138.168.151 32 wmp None 2020-08-31 00:00:00 2021-10-21 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=151,NL) | updated by dbc Block expiration extended with reason NL TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 141.138.168.154 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=154,NL) 141.197.8.144 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=144,US) 141.226.144.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IL TO-S-2020-0303 Malicious Email Activity 141.239.236.27 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=27,US) 141.255.7.232 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GR TO-S-2020-0303 Malicious Email Activity 
141.255.93.117 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GR TO-S-2020-0298 Malicious Email Activity 141.43.182.162 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None DE TO-S-2020-0592 Malicious Email Activity 141.98.10.221 24 EE None 2021-03-03 00:00:00 2021-06-02 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00551 (IP=221,LT) 141.98.11.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None LT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 141.98.80.0 22 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None PA TO-S-2020-0459 Malware Activity 141.98.80.22 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None NL TO-S-2020-0369 Malware Activity 141.98.80.40 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None NL TO-S-2020-0303 Malicious Email Activity 141.98.80.58 24 RW None 2021-06-25 00:00:00 2021-09-23 00:00:00 None SQL injection - Web Attacks (IP=58,NL) 141.98.81.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PA TO-S-2020-0298 Malicious Email Activity 141.98.83.104 24 BB None 2021-07-16 00:00:00 2021-10-15 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - SourceFire (IP=104,PN) | updated by RW Block expiration extended with reason SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (1:30524:5) - Sourcefire (IP=104,PA) SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (1:30524:5) - Sourcefire (IP=104,PA) 141.98.83.104 24 RW None 2021-07-17 00:00:00 2021-10-15 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - SourceFire (IP=104,PN) | updated by RW Block expiration extended with reason SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (1:30524:5) - Sourcefire (IP=104,PA) SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (1:30524:5) - Sourcefire (IP=104,PA) 141.98.83.139 32 wmp None 2021-06-02 00:00:00 2021-09-02 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=139,PA) 
142.105.151.124 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 142.11.193.220 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=220,US) 142.11.195.233 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=233,US) 142.11.211.250 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malware Activity 142.11.213.54 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=54,US) 142.11.216.236 32 wmp None 2020-09-15 00:00:00 2021-10-21 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=236,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 142.112.113.103 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 142.154.16.0 20 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=0,SA) 142.154.22.64 24 CR None 2021-05-04 00:00:00 2021-08-04 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt_Sourcefire (IP=64,SA) 142.169.78.245 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=245 CA) 142.190.52.166 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 142.196.206.74 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=74,US) 142.202.188.232 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=232,undefined) 142.202.189.114 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 142.202.190.18 32 dbc None 2020-08-24 
00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 142.202.190.42 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 142.202.25.140 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=140,US) 142.217.209.163 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=163,CA) 142.234.80.88 32 RB None 2021-03-16 00:00:00 2021-06-16 00:00:00 None HTTP: Apache HTTP Server mod_proxy Denial of Service - TT# 21C00699 (IP=88,US) 142.4.123.21 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malware Activity 142.4.123.23 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3630 CTO-20-231 (IP=23,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=23,US) 142.4.209.40 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 142.4.212.175 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None CA TO-S-2020-0459 Malware Activity 142.4.27.1 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=1,US) 142.4.5.116 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=116,US) 142.4.50.75 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 142.4.7.212 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 142.4.96.35 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 142.44.142.188 24 RW None 2021-04-11 00:00:00 2021-07-11 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00997 (IP=188,CA) 142.44.151.107 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None CA TO-S-2020-0459 Malware Activity 142.44.156.131 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint 
XSS in Scriptresx.ashx Vulnerability - TT# 21C00577 (IP=131,US) 142.44.212.109 32 GM None 2021-01-06 00:00:00 2021-04-06 00:00:00 None Unauthorized Access-Probe//UDP: Host Sweep - TT # 21C00386 (IP=109,CA) 142.44.213.196 32 RB None 2020-11-22 00:00:00 2021-02-22 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00253 (IP=196,CA) 142.44.214.3 32 RB None 2020-10-19 00:00:00 2021-01-17 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00151 (IP=3,CA) 142.44.214.91 32 wmp None 2021-02-09 00:00:00 2021-05-09 00:00:00 None Firepower Suspicious Scan Activity (IP=91,CA) 142.44.243.172 24 KH None 2021-08-30 00:00:00 2021-11-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=172,CA) 142.44.246.156 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks(IP=156, CA) 142.44.246.156 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks(IP=156, CA) SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - Web Attacks(IP=156, CA) 142.44.246.156 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Source Fire (IP=156,CA) 142.44.246.156 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Source Fire (IP=156,CA) 142.44.246.3 24 EE None 2021-03-12 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=3,CA) 142.44.251.104 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 142.54.177.5 32 BMP None 2021-09-16 00:00:00 2021-12-15 00:00:00 None HTTP: PHP Webshell Upload Attempt - TT# 21C01872 (IP=5,US) 142.93.0.76 32 RW None 2021-05-02 00:00:00 
2021-08-02 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT# 221C0113 (IP=76,US) 142.93.100.199 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=199,DE) 142.93.105.27 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=27,DE) 142.93.106.170 24 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=170,DE) 142.93.107.41 24 RB None 2021-04-19 00:00:00 2021-07-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=41,DE) 142.93.108.123 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Email Activity 142.93.108.61 24 EE HTTP: None 2021-03-19 00:00:00 2021-06-17 00:00:00 None PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=61,DE) 142.93.109.25 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=25,DE) 142.93.111.170 24 RB None 2021-05-09 00:00:00 2021-08-09 00:00:00 None Hive Case #5368 (IP=170,DE) 142.93.119.116 32 CR None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01191 (IP=116,US) 142.93.119.92 32 RB None 2021-06-19 00:00:00 2021-09-17 00:00:00 None SQL injection - 6hr web attacks (IP=92,US) 142.93.12.43 32 wmp None 2021-04-22 00:00:00 2021-07-22 00:00:00 None Palo Alto Suspicious Scan Activity (IP=43,US) 142.93.121.61 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt - 6HR Web Attack (IP=61,US) 142.93.121.61 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt - 6HR Web Attack (IP=61,US) 142.93.121.72 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6HR Web Attack (IP=72,US) 142.93.121.72 32 RT None 2021-07-21 00:00:00 
2021-10-19 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6HR Web Attack (IP=72,US)
142.93.125.13 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None POLICY-OTHER Adobe ColdFusion component browser access attempt - 6HR Web Attack (IP=13,US)
142.93.125.180 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - 6HR Web Attack (IP=180,US)
142.93.125.73 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
142.93.126.36 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None HTTP SQL Injection Attempt - 6HR Web Attack (IP=36,US)
142.93.126.36 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None HTTP SQL Injection Attempt - 6HR Web Attack (IP=36,US)
142.93.139.141 32 RR None 2021-08-31 00:00:00 2021-11-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01693 (IP=141,US)
142.93.139.255 32 RR None 2021-08-31 00:00:00 2021-11-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01696 (IP=255,US)
142.93.141.108 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=108,NL)
142.93.145.183 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None SQL injection - 6 hr Web Attacks (IP=183,CA)
142.93.150.162 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CA TO-S-2020-0298 Malware Activity
142.93.157.249 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=249,CA)
142.93.158.201 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CA TO-S-2020-0298 Malware Activity
142.93.162.28 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=28,DE)
142.93.163.217 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=217,DE)
142.93.166.216 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=216,DE)
142.93.166.216 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=216,DE) SQL injection - 6hr Web Attacks (IP=216,DE)
142.93.166.72 24 RB None 2021-05-07 00:00:00 2021-08-05 00:00:00 None SQL injection - 6hr web attack (IP=72,DE)
142.93.167.147 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=147,DE)
142.93.17.234 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Suspicious Scan Activity (IP=234,US)
142.93.170.57 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=57,DE)
142.93.171.57 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=57,DE)
142.93.172.200 24 CR None 2021-05-04 00:00:00 2021-08-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=200,DE)
142.93.172.62 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=62,DE)
142.93.173.244 24 GM None 2021-03-27 00:00:00 2021-06-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=244,DE) | updated by EE Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=244,DE) HTTP: PHPUnit Remote Code Execution Vu
142.93.173.244 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=244,DE) | updated by EE Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=244,DE) HTTP: PHPUnit Remote Code Execution Vu
142.93.173.30 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=30,DE)
142.93.173.30 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=30,DE) SQL injection - 6hr Web Attacks (IP=30,DE)
142.93.174.6 24 RR None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Web Attacks (IP=6,DE)
142.93.176.112 32 RR None 2021-03-08 00:00:00 2021-06-06 00:00:00 None SERVER-WEBAPP Java XML deserialization remote code execution attempt - SourceFire (IP=112,US)
142.93.183.128 32 GM None 2020-12-20 00:00:00 2021-03-20 00:00:00 None Masscan TCP Port Scanner - FireEye CMS (IP=128,US)
142.93.185.140 32 RB None 2021-04-26 00:00:00 2021-08-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=140,US) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=140,US) | updated by RR Block expir
142.93.188.38 32 EE SERVER-WEBAPP None 2021-01-09 00:00:00 2021-04-09 00:00:00 None PHPUnit PHP remote code execution attempt - 6 HR Web Attack (IP=38,US)
142.93.192.116 32 BMP None 2021-09-03 00:00:00 2021-12-02 00:00:00 None SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - SourceFire (IP=116,US)
142.93.193.37 32 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Sourcefire (IP=37,US)
142.93.194.135 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None HTTP: SQL Injection - Exploit - 6HR Web Attack (IP=135,US)
142.93.195.169 32 RT None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=169,US)
142.93.196.43 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None HTTP SQL Injection Attempt - 6HR Web Attack (IP=43,US)
142.93.207.94 32 RB None 2020-12-02 00:00:00 2021-03-02 00:00:00 None SERVER-WEBAPP Oracle WebLogic Server command injection attempt - Sourcefire (IP=94,US)
142.93.208.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity
142.93.21.39 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Suspicious Scan Activity (IP=39,US)
142.93.211.235 24 RT None 2021-06-10 00:00:00 2021-09-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 HR WebAttack (IP=235,IN)
142.93.211.235 24 RT None 2021-06-10 00:00:00 2021-09-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 HR WebAttack (IP=235,IN)
142.93.226.235 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=235,NL)
142.93.24.172 32 wmp None 2021-01-25 00:00:00 2021-04-25 00:00:00 None Suspicious Scan Activity (IP=172,US)
142.93.242.13 32 ZH None 2021-08-09 00:00:00 2021-11-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=13,US)
142.93.244.120 32 ZH None 2021-08-09 00:00:00 2021-11-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=120,US)
142.93.244.79 32 ZH None 2021-08-09 00:00:00 2021-11-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=79,US)
142.93.248.43 32 ZH None 2021-08-09 00:00:00 2021-11-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=43,US)
142.93.250.23 32 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=23,US)
142.93.252.245 32 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=245,US)
142.93.252.59 32 ZH None 2021-08-09 00:00:00 2021-11-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=59,US)
142.93.252.89 32 EE None 2020-12-01 00:00:00 2021-03-01 00:00:00 None SSH User Authentication Brute Force Attempt - Failed Logons (IP=89,US)
142.93.255.144 32 ZH None 2021-08-09 00:00:00 2021-11-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=144,US)
142.93.255.151 32 ZH None 2021-08-09 00:00:00 2021-11-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=151,US)
142.93.255.226 32 ZH None 2021-08-09 00:00:00 2021-11-07 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - POST parameter - Sourcefire Rpt (IP=226,US)
142.93.255.229 32 ZH None 2021-08-09 00:00:00 2021-11-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=229,US)
142.93.27.46 32 BMP None 2021-01-14 00:00:00 2021-04-14 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - FirePower (IP=46,US)
142.93.3.147 32 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=147,US)
142.93.31.92 32 FT None 2021-01-24 00:00:00 2021-04-24 00:00:00 None Artica Web Proxy SQL Injection Vulnerability - Web Attacks (IP=92,US)
142.93.37.52 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=52,GB)
142.93.39.151 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity
142.93.49.104 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=104,US)
142.93.5.181 32 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=181,US)
142.93.54.126 32 RB None 2021-06-20 00:00:00 2021-09-18 00:00:00 None File /etc/passwd Access Attempt Detect- IPS Events (IP=126,US)
142.93.55.117 32 KH None 2021-09-11 00:00:00 2021-12-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=117,US)
142.93.57.243 32 CR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None Command Injection_ABC report (IP=243,US)
142.93.62.54 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL Injection - 6hr Web Attacks (IP=54,US)
142.93.63.151 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
142.93.65.155 32 CR None 2021-05-20 00:00:00 2021-08-19 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Event (IP=155,US)
142.93.67.5 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=5,US)
142.93.68.22 32 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=22,US)
142.93.68.81 32 RB None 2021-05-16 00:00:00 2021-08-14 00:00:00 None SQL injection - 6hr web attacks (IP=81,US)
142.93.69.142 32 AR None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SQL injection - 6 Hr Web Attack (IP=142,US)
142.93.7.13 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (1:45682:2) - Sourcefire Rpt (IP=13,US)
142.93.71.102 32 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=102,US)
142.93.8.145 32 RB None 2021-02-17 00:00:00 2021-05-17 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=145,US) | updated by wmp Block expiration extended with reason Imperva Distributed Nuclei Scanner (IP=145,US)
142.93.84.93 32 BMP None 2021-01-26 00:00:00 2021-04-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=93,US)
142.93.85.147 32 BMP None 2021-01-14 00:00:00 2021-04-14 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - FirePower (IP=147,US)
142.93.85.216 32 wmp None 2021-01-13 00:00:00 2021-04-13 00:00:00 None Suspicious Scan Activity (IP=216,US)
142.93.87.180 32 EE SQL None 2021-01-26 00:00:00 2021-04-26 00:00:00 None injection - 6 HR Web Attack (IP=180,US)
142.93.88.241 32 BMP None 2021-01-26 00:00:00 2021-04-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=241,US)
142.93.89.250 32 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=250,US)
142.93.9.0 32 RW None 2021-04-02 00:00:00 2021-09-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=0,US) | updated by RR Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=0,US)
142.93.93.203 32 BMP None 2021-01-26 00:00:00 2021-04-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=23,US)
142.93.98.246 24 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=246,DE)
143.0.68.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity
143.110.147.19 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=19,US)
143.110.156.254 24 BMP None 2021-02-17 00:00:00 2021-05-16 00:00:00 None SERVER-OTHER Spring Data Commons remote code execution attempt (1:46473:1) - SourceFire (IP=254,US)
143.110.159.18 32 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None muieblackcat PHP Vulnerability Scanner - FireEye CMS (IP=18,US)
143.110.159.50 32 wmp None 2021-02-17 00:00:00 2021-05-17 00:00:00 None Imperva Distributed Nuclei Scanner (IP=50,US)
143.110.159.69 32 CR None 2021-01-06 00:00:00 2021-04-06 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=69,US)
143.110.177.17 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=17,IN)
143.110.179.61 24 FT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=179,IN)
143.110.183.243 24 GM None 2020-11-03 00:00:00 2021-02-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=243,IN)
143.110.183.86 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt (1:57242:4) - SourceFire (IP=86,IN)
143.110.184.164 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6HR Web Attack (IP=164,IN)
143.110.185.228 32 RR None 2021-03-02 00:00:00 2021-05-31 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - SourceFire (IP=228,US)
143.110.185.228 24 RB None 2021-03-02 00:00:00 2021-05-31 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - Sourcefire (IP=228,IN)
143.110.186.209 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-WEBAPP Cisco RV Series Routers information disclosure attempt (3:48949:2) - SourceFire (IP=209,IN)
143.110.187.81 24 DT None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=4,IN)
143.110.188.218 24 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Sourcefire Rpt (IP=218,IN)
143.110.188.54 32 wmp None 2021-01-29 00:00:00 2021-04-29 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=54,US)
143.110.190.64 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-WEBAPP D-Link hedwig.cgi directory traversal attempt (1:44454:2) - SourceFire (IP=64,IN)
143.110.191.32 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire (IP=32,IN)
143.110.208.208 32 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=208,US)
143.110.208.210 32 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=210,US)
143.110.208.56 32 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=56,US)
143.110.208.79 32 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=79,US)
143.110.209.11 24 BMP None 2021-05-25 00:00:00 2021-08-23 00:00:00 None Trojan.Ursnif - Hive Case 5450 (IP=11,CA)
143.110.211.120 24 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=120,CA)
143.110.213.150 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=150,CA)
143.110.213.154 32 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=154,US)
143.110.216.9 32 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=9,US)
143.110.218.156 32 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=156,US)
143.110.219.233 24 BMP None 2021-03-25 00:00:00 2021-06-25 00:00:00 None Webshell.Binary.php.FEC2 - Hive case 5094 (IP=233,CA)
143.110.219.238 24 FT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - Web Attacks (IP=238,CA)
143.110.224.251 32 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=251,US)
143.110.226.251 32 wmp None 2021-02-17 00:00:00 2021-05-17 00:00:00 None Imperva Distributed Nuclei Scanner (IP=251,US)
143.110.228.123 32 RR None 2021-02-18 00:00:00 2021-05-19 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - SourceFire (IP=123,US)
143.110.229.104 32 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=104,US)
143.110.229.106 32 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=106,US)
143.110.229.217 32 wmp None 2021-02-18 00:00:00 2021-05-18 00:00:00 None Imperva Nuclei Vulnerability Scanner (IP=217,US)
143.110.230.201 24 BMP None 2021-02-17 00:00:00 2021-05-16 00:00:00 None SERVER-APACHE Apache Tomcat remote JSP file upload attempt (1:44531:3) - SourceFire (IP=201,US)
143.110.234.148 24 BMP None 2021-02-17 00:00:00 2021-05-16 00:00:00 None SERVER-OTHER Spring Data Commons remote code execution attempt (1:46473:1) - SourceFire (IP=148,US)
143.110.235.214 32 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SQL injection - 6hr Web Attacks (IP=214,US)
143.110.237.33 32 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=33,US)
143.110.240.72 24 BMP None 2020-11-14 00:00:00 2021-02-22 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - 6hr Web Attacks (IP=72,IN)
143.110.241.208 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6HR Web Attack (IP=208,IN)
143.110.244.190 32 GM None 2021-04-16 00:00:00 2021-07-16 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C01029 (IP=190,US)
143.110.244.233 32 GM None 2021-04-16 00:00:00 2021-07-16 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C01022 (IP=223,US)
143.110.244.95 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=95,IN)
143.110.246.82 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SQL injection - 6HR Web Attack (IP=82,IN)
143.110.248.236 24 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected (1:54573:2) - Sourcefire Rpt (IP=236,IN)
143.110.249.53 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=53,IN)
143.110.250.88 32 DT None 2021-09-06 00:00:00 2021-12-05 00:00:00 None SERVER-WEBAPP VMWare vSphere Client remote code execution attempt - Web Attacks (IP=88,US)
143.110.250.88 24 DT None 2021-09-06 00:00:00 2021-12-05 00:00:00 None SERVER-WEBAPP VMWare vSphere Client remote code execution attempt (1:57720:1) - Source Fire (IP=130,IN)
143.110.252.108 32 GM None 2021-04-16 00:00:00 2021-07-16 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C01021 (IP=108,US)
143.110.252.23 32 GM None 2021-04-16 00:00:00 2021-07-16 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT # 21C01025 (IP=23,US)
143.110.252.26 32 GM None 2021-04-16 00:00:00 2021-07-16 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C01023 (IP=26,US)
143.110.252.41 32 EE None 2021-04-13 00:00:00 2021-07-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=41,US)
143.110.252.43 32 GM None 2021-04-16 00:00:00 2021-07-16 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C01027 (IP=43,US)
143.110.252.88 32 GM None 2021-04-16 00:00:00 2021-07-16 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C01026 (IP=88,US)
143.110.253.122 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=122,IN)
143.110.253.31 32 RR None 2021-05-14 00:00:00 2021-08-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=31,US)
143.110.255.132 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr failed logons (IP=132,IN)
143.114.160.49 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
143.166.83.19 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
143.198.112.48 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SQL injection - 6hr Web Attacks (IP=48,US)
143.198.112.49 32 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Webshell.Binary.php.FEC2 - Hive Case 5175 (IP=49,US)
143.198.112.50 32 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt Web Attack (IP=50,US)
143.198.112.51 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SQL injection - 6hr Web Attacks (IP=51,US)
143.198.112.53 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - 6hr Web Attacks (IP=53,US)
143.198.112.54 32 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None SQL injection Web Attack (IP=54,US)
143.198.112.55 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SQL injection - 6hr Web Attacks (IP=55,US)
143.198.112.56 32 RW None 2021-04-01 00:00:00 2021-07-01 00:00:00 None Web server exploit attempt - Hive Case 5180 (IP=56,US)
143.198.112.58 32 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None SQL injection - Web Attack (IP=58,US)
143.198.112.61 32 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: SQL Injection - Exploit Web Attack (IP=61,US)
143.198.112.64 32 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT# 21C00918 (IP=64,US)
143.198.112.65 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SQL injection - 6hr Web Attacks (IP=65,US)
143.198.116.92 32 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=92,US)
143.198.117.11 32 RR None 2021-04-26 00:00:00 2021-07-26 00:00:00 None SQL injection - Web Attacks (IP=11,US) | updated by BMP Block expiration extended with reason SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt (1:49796:1) - SourceFire (IP=11,US)
143.198.117.114 32 AR None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SQL injection - 6 HR Web Attack (IP=114,US)
143.198.119.116 32 RR None 2021-04-23 00:00:00 2021-07-23 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01064 (IP=116,US)
143.198.120.20 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SQL injection - 6hr Web Attacks (IP=20,US)
143.198.120.233 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=23,US)
143.198.120.234 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP SQL Injection Attempt - 6hr Web Attacks (IP=234,US)
143.198.120.235 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SQL injection - 6hr Web Attacks (IP=235,US)
143.198.120.236 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SQL injection - 6hr Web Attacks (IP=236,US)
143.198.120.44 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=44,US)
143.198.121.231 32 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=231,US)
143.198.122.232 32 KH None 2021-08-16 00:00:00 2021-11-14 00:00:00 None Command Injection - ABC Report (IP=232,US)
143.198.124.202 32 BMP None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - 6hr Web Attacks (IP=202,US)
143.198.125.255 32 CR None 2021-04-28 00:00:00 2021-07-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attemp - Sourcefire (IP=255,US)
143.198.127.124 32 GM None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=124,US)
143.198.16.71 32 DT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - POST parameter (1:23631:7) - Source Fire (IP=71,US)
143.198.161.117 32 CR None 2021-07-20 00:00:00 2021-10-18 00:00:00 None Possible Cross-site Scripting Attack - IPS Events (IP=117,US)
143.198.161.123 32 RR None 2021-07-23 00:00:00 2021-10-21 00:00:00 None Command Injection - Automated Block (IP=123,US)
143.198.161.180 32 AR None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SQL injection - 6 HR Web Attack (IP=180,US)
143.198.161.33 32 KD None 2021-07-20 00:00:00 2021-10-18 00:00:00 None SERVER-WEBAPP VMware View Planner logupload arbitrary file upload attempt (1:57438:1) - Source Fire (IP=33,US)
143.198.161.35 32 KD None 2021-07-20 00:00:00 2021-10-18 00:00:00 None HTTP Request Brute Force Attack - Failed Logons (IP=35, US)
143.198.161.6 32 UA None 2021-07-11 00:00:00 2021-10-09 00:00:00 None SQL injection - 6 Hr Web Attack (IP=80,VN)
143.198.161.67 32 RR None 2021-07-23 00:00:00 2021-10-21 00:00:00 None Command Injection - Automated Block (IP=67,US)
143.198.161.68 32 KD None 2021-07-20 00:00:00 2021-10-18 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Source Fire (IP=68,US)
143.198.161.86 32 RR None 2021-07-20 00:00:00 2021-10-18 00:00:00 None Command Injection (IP=86,US)
143.198.162.158 32 DT None 2021-08-13 00:00:00 2021-11-11 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Events (IP=158,US)
143.198.163.16 32 BMP None 2021-06-25 00:00:00 2021-09-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=16,US)
143.198.167.0 24 ZH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None Self-Report: URL manipulation incl. path traversal and other fingerprinting - TT# 21C01514 (IP=0,US)
143.198.167.115 32 BMP None 2021-06-16 00:00:00 2021-09-14 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=15,US)
143.198.167.12 32 BMP None 2021-06-16 00:00:00 2021-09-14 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=12,US)
143.198.167.136 32 BMP None 2021-06-16 00:00:00 2021-09-14 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=136,US)
143.198.167.36 32 BMP None 2021-06-16 00:00:00 2021-09-14 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=36,US)
143.198.167.58 32 BMP None 2021-06-16 00:00:00 2021-09-14 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=58,US)
143.198.167.88 32 UA None 2021-08-03 00:00:00 2021-11-01 00:00:00 None SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt - 6hr Web Attacks (IP=88,US)
143.198.171.106 32 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=106,US)
143.198.171.233 32 BMP None 2021-06-16 00:00:00 2021-09-14 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=233,US)
143.198.171.238 32 BMP None 2021-06-16 00:00:00 2021-09-14 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=238,US)
143.198.171.244 32 BMP None 2021-06-16 00:00:00 2021-09-14 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=244,US)
143.198.171.246 32 BMP None 2021-06-16 00:00:00 2021-09-14 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=246,US)
143.198.171.96 32 WR None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Unauthorized Access-Probe - TT# 21C01328 (IP=96,US)
143.198.173.14 32 RR None 2021-06-20 00:00:00 2021-09-18 00:00:00 None SQL injection - Web Attacks (IP=14,US)
143.198.173.97 32 ZH None 2021-08-19 00:00:00 2021-11-17 00:00:00 None ABC Command Injection (IP=97,US)
143.198.174.156 32 RR None 2021-06-20 00:00:00 2021-09-18 00:00:00 None AR RCC-CONUS HTTP_GET_Psble_F5TMUI_RCE_RC130840 - TT# 21C01347 (IP=156,US)
143.198.175.146 32 AR None 2021-08-21 00:00:00 2021-11-19 00:00:00 None SQL injection - 6Hr Web Attack (IP=146,US)
143.198.175.208 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=208,US)
143.198.176.0 24 ZH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None Self-Report: URL manipulation incl. path traversal and other fingerprinting - TT# 21C01513 (IP=0,US)
143.198.178.0 24 ZH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None Self-Report: URL manipulation incl. path traversal and other fingerprinting - TT# 21C01512 (IP=0,US)
143.198.178.245 32 UA None 2021-08-03 00:00:00 2021-11-01 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr Web Attacks (IP=245,US)
143.198.180.104 32 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SQL injection - Web Attacks (IP=104,US)
143.198.182.170 24 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None Command Injection - Automated Block (IP=170,US)
143.198.184.0 24 ZH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None Self-Report: URL manipulation incl. path traversal and other fingerprinting - TT# 21C01511 (IP=0,US)
143.198.184.219 32 UA None 2021-08-03 00:00:00 2021-11-01 00:00:00 None SERVER-WEBAPP Oracle-BI convert servlet XML external entity injection attempt - 6hr Web Attacks (IP=219,US)
143.198.184.242 32 UA None 2021-08-03 00:00:00 2021-11-01 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Sourcefire (IP=242,US)
143.198.186.0 24 ZH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None Self-Report: URL manipulation incl. path traversal and other fingerprinting - TT# 21C01509 (IP=0,US)
143.198.186.54 32 UA None 2021-08-03 00:00:00 2021-11-01 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - 6hr Web Attacks (IP=54,US)
143.198.187.3 32 UA None 2021-08-04 00:00:00 2021-11-02 00:00:00 None SQL 1 = 0 - possible sql injection attempt - 6hr Web Attacks (IP=3,US)
143.198.189.231 32 KH None 2021-07-22 00:00:00 2021-10-20 00:00:00 None Possible Cross-site Scripting Attack - FE IPS (IP=231,US)
143.198.197.232 24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=232,SG)
143.198.205.13 32 CR None 2021-05-04 00:00:00 2021-08-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=13,US)
143.198.207.170 32 CR None 2021-05-04 00:00:00 2021-08-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=170,US)
143.198.208.110 32 CR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=110,US)
143.198.211.175 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=175,SG)
143.198.22.64 32 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr failed logons (IP=64,US)
143.198.222.53 32 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=53,US)
143.198.234.72 32 EE None 2021-04-06 00:00:00 2021-07-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=72,US) | updated by DT Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=72,US)
143.198.236.115 32 wmp None 2021-03-16 00:00:00 2021-06-16 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=115,US)
143.198.236.59 32 BMP None 2021-03-16 00:00:00 2021-06-14 00:00:00 None Webshell.Binary.php.FEC2 - Hive Case 5062 (IP=59,US)
143.198.236.99 32 wmp None 2021-03-16 00:00:00 2021-06-16 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=99,US)
143.198.237.247 32 KH None 2021-07-12 00:00:00 2021-10-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 hr Web Attacks (IP=247,US)
143.198.239.95 32 DT None 2021-03-22 00:00:00 2021-06-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=95,US)
143.198.28.181 32 GM None 2021-04-03 00:00:00 2021-08-11 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=181,US) | updated by BMP Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=181,US)
143.198.31.33 32 RR None 2021-04-07 00:00:00 2021-09-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=33,US) | updated by SW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=33,US)
143.198.33.1 32 AR None 2021-07-11 00:00:00 2021-10-09 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6 Hr Web Attacks (IP=1,US)
143.198.46.205 32 UA None 2021-07-11 00:00:00 2021-10-09 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=205,US)
143.198.49.82 24 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SQL injection - 6hr web attacks (IP=82,US)
143.198.50.109 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SERVER-WEBAPP Java XML deserialization remote code execution attempt - 6hr web attacks (IP=109,US)
143.198.50.199 32 wmp None 2021-02-25 00:00:00 2021-05-26 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=199,US)
143.198.53.96 24 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr web attacks (IP=96,US)
143.198.55.0 24 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: SQL Injection - 6hr web attacks (IP=61,US)
143.198.57.216 32 wmp None 2021-03-04 00:00:00 2021-06-04 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=216,US)
143.198.57.218 32 wmp None 2021-03-04 00:00:00 2021-06-04 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=218,US)
143.198.57.223 32 wmp None 2021-03-04 00:00:00 2021-06-04 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=223,US)
143.198.57.224 32 wmp None 2021-03-04 00:00:00 2021-06-28 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=224,US) | updated by BMP Block expiration extended with reason HTTP: rConfig ajaxServerSettingsChk.php Command Injection Vulnerability - 6hr Web Attacks (IP=224,US)
143.198.57.226 32 wmp None 2021-03-04 00:00:00 2021-06-04 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=226,US)
143.198.57.230 32 wmp None 2021-03-04 00:00:00 2021-06-28 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=230,US) | updated by BMP Block expiration extended with reason SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - 6hr Web Attacks (IP=230,US)
143.198.57.231 32 wmp None 2021-03-04 00:00:00 2021-06-04 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=231,US)
143.198.57.233 32 wmp None 2021-03-04 00:00:00 2021-06-28 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=233,US) | updated by BMP Block expiration extended with reason SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt - 6hr Web Attacks (IP=233,US)
143.198.57.234 24 FT None 2021-03-03 00:00:00 2021-06-02 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=234,US)
143.198.58.160 24 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SQL injection - 6hr web attacks (IP=160,US)
143.198.61.21 24 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SQL injection - 6hr web attacks (IP=21,US)
143.198.61.70 32 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: rConfig ajaxServerSettingsChk.php Command Injection Vulnerability - 6hr Web Attacks (IP=70,US)
143.198.62.68 24 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SQL injection - 6hr web attacks (IP=68,US)
143.198.68.207 32 DT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=207,US)
143.198.72.84 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=84,US)
143.198.74.183 32 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=183,US)
143.198.74.32 32 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=32,US)
143.198.76.94 32 RW None 2021-05-14 00:00:00 2021-08-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - web attacks (IP=94,US)
143.198.9.12 32 RR None 2021-09-13 00:00:00 2021-12-12 00:00:00 None Possible Cross-site Scripting Attack - IPS Event (IP=12,US)
143.198.96.51 32 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=51,US)
143.202.112.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
143.202.224.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity
143.208.191.6 24 RW None 2021-03-18 00:00:00 2021-06-18 00:00:00 None SERVER-WEBAPP JBoss admin-console access - Sourcefire (IP=6,BR)
143.208.232.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
143.208.84.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity
143.224.45.26 24 EE None 2021-01-15 00:00:00 2021-04-15 00:00:00 None User Agent String Fuzz Faster U Fool v1.0.2 - Hive Case 4715 (IP=26,AT)
143.244.128.179 24 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Sourcefire Rpt (IP=179,IN)
143.244.144.46 32 ZH None 2021-06-12 00:00:00 2021-09-10 00:00:00 None SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt (1:57244:4) - Sourcefire Rpt (IP=46,US)
143.244.144.47 32 DT None 2021-08-13 00:00:00 2021-11-11 00:00:00 None Atlassian Crowd CVE-2019-11580 Remote Code Execution - IPS Events (IP=47,US)
143.244.145.177 32 RR None 2021-06-28 00:00:00 2021-09-26 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=177,US)
143.244.146.13 32 AR None 2021-07-10 00:00:00 2021-10-08 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (1:56800:3) - SourceFire (IP=13,US)
143.244.147.111 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=111,US)
143.244.147.196 32 ZH None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SQL injection - 6hr web attacks (IP=196,US)
143.244.147.78 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None SERVER-OTHER Hashicorp Consul services API remote code execution attempt (IP=78,US)
143.244.147.82 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (IP=82,US)
143.244.149.244 32 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (1:13990:26) - Sourcefire Report (IP=244,US)
143.244.150.53 32 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None Command Injection - Automated Block (IP=53,US)
143.244.152.42 32 UA None 2021-06-16 00:00:00 2021-09-14 00:00:00 None Self Report / ColdFusion Error Reporting - TT# 21C01319 (IP=42, US)
143.244.153.109 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP
Atlassian OAuth plugin multiple versions server side request forgery attempt (IP=109,US) 143.244.155.24 32 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None SQL 1 = 1 - possible sql injection attempt (1:30040:5) - Sourcefire Report (IP=244,US) 143.244.156.182 32 RR None 2021-06-13 00:00:00 2021-09-11 00:00:00 None SQL injection - Web Attacks (IP=182,US) 143.244.158.0 32 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=0,US) 143.244.158.198 32 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - Sourcefire Report (IP=244,US) 143.244.158.236 32 KH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None Self Report / Unsuccessful Activity - TT# 21C01433 (IP=236,US) 143.244.159.28 32 BB None 2021-07-24 00:00:00 2021-10-22 00:00:00 None SQL injection - Web Attacks (IP=28,US) 143.244.159.36 32 UA None 2021-09-01 00:00:00 2021-11-30 00:00:00 None SQL injection - 6hr web attacks (IP=36,US) 143.244.160.132 32 RB None 2021-06-19 00:00:00 2021-09-17 00:00:00 None AR RCC-CONUS HTTP_GET_Psble_F5TMUI_RCE_RC130840 - TT# 21C01346 (IP=132,US) 143.244.160.157 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=157,US) 143.244.161.10 32 RW None 2021-08-11 00:00:00 2021-11-09 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=10,US) 143.244.161.21 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=21,US) 143.244.162.184 32 UA None 2021-09-01 00:00:00 2021-11-30 00:00:00 None SQL injection - 6hr web attacks (IP=184,US) 143.244.162.32 32 RR None 2021-06-28 00:00:00 2021-09-26 00:00:00 None Command Injection (IP=32,US) 143.244.162.33 32 UA None 2021-09-01 00:00:00 2021-11-30 00:00:00 None SQL injection - 6hr web attacks (IP=33,US) 143.244.163.140 32 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SQL injection - 6hr Web Attacks (IP=140,US) 
143.244.163.232 32 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SQL injection - 6hr Web Attacks (IP=232,US) 143.244.163.46 32 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=46,US) 143.244.163.9 32 AR None 2021-08-21 00:00:00 2021-11-19 00:00:00 None SQL injection - 6Hr Web Attack (IP=9,US) 143.244.164.152 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=152,US) 143.244.164.195 32 RB None 2021-08-13 00:00:00 2021-11-11 00:00:00 None SQL injection - 6hr web attacks (IP=195,US) 143.244.164.201 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL Injection - 6hr Web Attacks (IP=201,US) 143.244.164.224 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL Injection - 6hr Web Attacks (IP=224,US) 143.244.164.237 32 CR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None Command Injection_ABC report (IP=237,US) 143.244.164.24 32 RB None 2021-06-19 00:00:00 2021-09-17 00:00:00 None SQL injection - 6hr web attacks (IP=24,US) 143.244.165.1 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=1,US) 143.244.165.10 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None HTTP: Adobe ColdFusion Directory Traversal Information Disclosure Vulnerability - Web Attacks (IP=10,US) 143.244.165.16 32 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SQL injection - Web Attacks (IP=16,US) 143.244.165.175 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=175,US) 143.244.165.2 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=2,US) 143.244.165.3 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=3,US) 143.244.165.4 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=4,US) 143.244.165.99 32 RB None 2021-06-20 00:00:00 2021-09-18 00:00:00 None File /etc/passwd Access Attempt Detect- IPS 
Events (IP=99,US) 143.244.167.233 32 AR None 2021-08-13 00:00:00 2021-11-11 00:00:00 None HTTP SQL Injection Attempt - 6hr Web Attacks (IP=233,US) 143.244.167.75 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=75,US) 143.244.168.132 32 CR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None Command Injection_ABC report (IP=132,US) 143.244.169.221 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=221,US) 143.244.169.223 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=223,US) 143.244.169.224 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=224,US) 143.244.169.225 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=225,US) 143.244.169.226 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=226,US) 143.244.169.227 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=227,US) 143.244.169.229 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=229,US) 143.244.169.230 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=230,US) 143.244.169.231 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=231,US) 143.244.169.232 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=232,US) 143.244.169.234 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=234,US) 143.244.169.235 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=235,US) 143.244.169.236 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=236,US) 143.244.169.238 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web 
Attacks (IP=238,US) 143.244.169.240 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=240,US) 143.244.169.241 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=241,US) 143.244.169.242 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=242,US) 143.244.169.244 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=244,US) 143.244.169.245 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=245,US) 143.244.169.246 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=246,US) 143.244.169.247 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=247,US) 143.244.169.248 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=248,US) 143.244.169.249 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=249,US) 143.244.169.250 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=250,US) 143.244.169.251 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=251,US) 143.244.169.252 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=252,US) 143.244.169.255 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=255,US) 143.244.170.211 32 UA None 2021-09-01 00:00:00 2021-11-30 00:00:00 None SQL injection - 6hr web attacks (IP=211,US) 143.244.172.126 32 CR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None Command Injection_ABC report (IP=126,US) 143.244.172.131 32 SW None 2021-06-17 00:00:00 2021-09-16 00:00:00 None SQL injection - Web Attacks (IP=131,US) | updated by ZH Block expiration 
extended with reason SQL Injection - 6hr Web Attacks (IP=131,US) 143.244.172.14 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=14,US) 143.244.172.18 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL Injection - 6hr Web Attacks (IP=18,US) 143.244.172.189 32 CR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None Command Injection _ABC report (IP=189,US) 143.244.172.235 32 CR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None Command Injection_ABC report (IP=235,US) 143.244.172.245 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=245,US) 143.244.172.53 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL Injection - 6hr Web Attacks (IP=53,US) 143.244.172.59 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None File /etc/passwd Access Attempt Detect- IPS Events (IP=59,US) 143.244.172.9 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt (1:40451:2) - Sourcefire Rpt (IP=9,US) 143.244.172.94 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL Injection - 6hr Web Attacks (IP=94,US) 143.244.173.121 32 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SQL injection - Web Attacks (IP=121,US) 143.244.173.150 32 RR None 2021-07-23 00:00:00 2021-10-21 00:00:00 None Command Injection - Automated Block (IP=150,US) 143.244.174.252 32 KD None 2021-06-16 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=252,US) 143.244.175.12 32 AR None 2021-08-13 00:00:00 2021-11-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Web Attacks (IP=12,US) 143.244.175.69 32 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=69,US) 143.244.177.202 32 BMP None 2021-09-03 00:00:00 2021-12-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=202,US) 143.255.128.38 32 srm None 
2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=38,BR) 143.255.144.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity 143.255.204.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 143.255.228.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 143.255.240.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity 143.255.244.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 143.255.92.0 22 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,BR) 143.44.136.32 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=32,PH) 143.44.136.34 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=34,PH) 143.84.101.250 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None US TO-S-2020-0870 Application Vulnerability Exploit 143.84.38.158 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None US TO-S-2020-0870 Application Vulnerability Exploit 143.84.8.62 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None US TO-S-2020-0870 Application Vulnerability Exploit 143.84.99.114 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None US TO-S-2020-0870 Application Vulnerability Exploit 143.92.36.12 24 RR None 2020-12-22 00:00:00 2021-03-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=12,KH) 143.92.40.130 32 wmp None 2021-04-20 00:00:00 2021-07-20 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=130,HK) 143.92.45.244 24 RR None 2020-12-25 00:00:00 2021-03-25 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=244,HK) 
143.92.48.216 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None KH TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 143.92.48.38 24 EE None 2021-08-11 00:00:00 2021-11-09 00:00:00 None HIVE Case #5975 IOC_Anatomy of Native IIS Malware (IP=38,HK) 143.92.59.4 24 EE None 2021-04-13 00:00:00 2021-07-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=4,KH) 143.92.59.88 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 143.95.101.72 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 143.95.103.93 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 143.95.147.233 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 143.95.229.16 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 143.95.238.130 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=130,US) 143.95.244.200 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 143.95.41.123 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 143.95.43.72 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=72,US) 143.95.73.224 32 NAB None 2020-10-28 00:00:00 2021-01-26 00:00:00 None HIVE Case #4192 COLS-NA-TIP-20-0322 (IP=224,US) 143.95.79.242 32 wmp None 2020-09-15 00:00:00 2021-10-29 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=242,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email 
Activity 143.95.80.46 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity 143.95.91.230 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 144.126.210.215 32 RW None 2021-02-18 00:00:00 2021-05-18 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - GET parameter - Sourcefire (IP=215,US) 144.126.211.17 32 wmp None 2021-02-18 00:00:00 2021-05-18 00:00:00 None Imperva Nuclei Vulnerability Scanner (IP=17,US) 144.126.211.43 32 KD None 2021-06-08 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=43,US) 144.126.213.120 32 RR None 2021-02-18 00:00:00 2021-05-19 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - SourceFire (IP=120,US) 144.126.213.210 32 wmp None 2021-03-11 00:00:00 2021-06-11 00:00:00 None FireEye IPS File /etc/passwd Access Attempt Detect (IP=210,US) 144.126.215.161 32 RW None 2021-02-16 00:00:00 2021-05-16 00:00:00 None Nuclei Vulnerability Scanner - Fireeye IPS (IP=161,US) 144.126.215.52 32 GM None 2021-02-04 00:00:00 2021-05-04 00:00:00 None SQL injection - Web Attacks (IP=52,US) 144.126.217.192 32 RW None 2021-02-16 00:00:00 2021-05-16 00:00:00 None Nuclei Vulnerability Scanner - Fireeye IPS (IP=192,US) 144.126.217.231 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Adobe ColdFusion Directory Traversal Information Disclosure Vulnerability - 6hr web attacks (IP=231,US) 144.126.219.150 32 wmp None 2021-02-10 00:00:00 2021-05-10 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=150,US) 144.126.219.204 32 BMP None 2021-02-16 00:00:00 2021-05-16 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6hr Web Attacks (IP=204,US) | updated by RW Block expiration extended with reason Nuclei Vulnerability Scanner - Fireeye IPS (IP=204,US) 144.126.219.53 32 wmp None 2021-02-10 00:00:00 
2021-05-10 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=53,US) 144.126.219.73 32 BMP None 2021-03-08 00:00:00 2021-06-08 00:00:00 None HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=73,US) 144.126.220.184 32 RR None 2021-02-18 00:00:00 2021-05-19 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - SourceFire (IP=184,US) 144.126.221.134 32 wmp None 2021-02-09 00:00:00 2021-05-09 00:00:00 None FireEye IPS Nuclei Vulnerability Scan Activity (IP=134,US) 144.126.221.171 32 RW None 2021-02-18 00:00:00 2021-05-18 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - GET parameter - Sourcefire (IP=171,US) 144.126.222.130 32 wmp None 2021-02-10 00:00:00 2021-05-10 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=130,US) 144.126.222.14 32 RW None 2021-02-18 00:00:00 2021-05-18 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - GET parameter - Sourcefire (IP=14,US) 144.126.222.55 32 wmp None 2021-02-10 00:00:00 2021-05-10 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=55,US) 144.126.222.79 32 wmp None 2021-02-10 00:00:00 2021-05-10 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=79,US) 144.126.223.27 32 RW None 2021-02-16 00:00:00 2021-05-16 00:00:00 None Nuclei Vulnerability Scanner - Fireeye IPS (IP=27,US) 144.126.223.40 32 wmp None 2021-02-25 00:00:00 2021-05-26 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=40,US) 144.127.249.23 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NO Hive Case 4237 TO-S-2021-0910 Malicious Reconnaissance Activity 144.132.18.25 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AU TO-S-2020-0298 Malicious Email Activity 144.137.29.26 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 144.140.214.82 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None AU TO-S-2020-0303 Malicious Email Activity 
144.168.164.26 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=26,CA) 144.168.41.90 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 144.172.64.52 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 144.172.67.119 32 ZH None 2021-07-20 00:00:00 2021-10-18 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire Rpt (IP=119,US) 144.202.115.141 32 RB None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=141,US) 144.202.243.18 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=18, US) 144.202.26.75 32 EE None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - Web Attack (IP=75,US) 144.202.77.96 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malware Activity 144.204.16.1 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None FR TO-S-2020-0228 Malicious Email Activity 144.208.125.150 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=150,US) 144.208.64.39 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=39,US) 144.208.65.76 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=76,US) 144.208.71.115 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malware Activity 144.208.75.114 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 144.217.113.192 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 144.217.126.189 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CA Hive Case 4237 
TO-S-2021-0910 Malicious Reconnaissance Activity 144.217.129.208 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CA TO-S-2020-0303 Malicious Email Activity 144.217.207.84 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 144.217.250.195 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 144.217.252.7 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None Unauthorized Access-Probe UDP: Host Sweep TT# 21C00959 (IP=7,CA) 144.217.255.89 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CA TO-S-2021-1007 Malware Activity 144.217.34.153 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 144.217.50.246 24 EE None 2021-08-18 00:00:00 2021-11-15 00:00:00 None HIVE Case #5918 IOC_LOKIBOT (IP=246,CA) 144.217.50.246 24 EE None 2021-08-18 00:00:00 2021-11-15 00:00:00 None HIVE Case #5918 IOC_LOKIBOT (IP=246,CA) 144.217.60.211 24 EE None 2021-04-13 00:00:00 2021-07-12 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - Web Attack (IP=211,CA) 144.217.68.19 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 144.217.77.48 24 BMP None 2021-02-02 00:00:00 2021-05-02 00:00:00 None Unauthorized Access-Probe / UDP Host Sweep - TT# 21C00457 (IP=48,CA) 144.217.80.80 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CA TO-S-2020-0331 Malware Activity 144.34.168.192 32 wmp None 2020-10-22 00:00:00 2021-01-20 00:00:00 None HIVE Case #4172 CTO-20-295 (IP=192,US) 144.48.240.91 24 SW None 2021-07-31 00:00:00 2021-10-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=91, HK) 144.48.36.145 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None AU TO-S-2020-0315 Malicious Web Application Activity 144.48.69.166 24 KD None 2021-09-04 00:00:00 
2021-12-03 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - SOURCEFIRE REPORT (IP=166,HK) 144.48.82.168 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MM Hive Case 4187 TO-S-2021-0898 Command and Control Exploit 144.48.82.216 32 dbc None 2020-08-26 00:00:00 2021-08-26 00:00:00 None NL TO-S-2020-0758 Malicious Web Application Activity 144.76.115.28 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=28,DE) 144.76.117.26 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=26,DE) 144.76.162.70 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None DE TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 144.76.165.117 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 144.76.183.242 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 144.76.19.167 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None DE TO-S-2020-0236 Malware Activity 144.76.223.43 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 144.76.54.86 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None DE TO-S-2020-0698 Malicious Email Activity 144.76.96.142 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=142,DE) 144.76.96.82 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 144.9.50.77 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 144.91.113.66 24 RR None 2021-09-07 00:00:00 2021-12-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks 
(IP=66,DE) 144.91.115.46 32 wmp None 2020-07-29 00:00:00 2021-10-08 00:00:00 None HIVE Case #3421 COLS-NA-TIP-20-0234 (IP=46,DE) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=46,DE) 144.91.118.102 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malware Activity 144.91.119.160 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None DE TO-S-2020-0698 Malware Activity 144.91.121.126 24 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=126,DE) 144.91.124.22 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=22,DE) 144.91.127.82 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malware Activity 144.91.68.96 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 144.91.70.164 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None DE TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 144.91.75.37 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 144.91.81.242 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 144.91.83.19 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 144.91.91.116 32 KF None 2019-11-04 00:00:00 2021-10-29 00:00:00 None Generic ArcSight scan attempt (IP=116,US) | updated by dbc Block was inactive. 
00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 149.210.131.83 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 149.210.143.182 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=182,NL) 149.210.173.69 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 149.210.209.84 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None NL TO-S-2020-0805 Malicious Email Activity 149.210.222.150 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=150,NL) 149.210.223.155 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None NL TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 149.210.227.22 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None NL TO-S-2020-0303 Malicious Email Activity 149.224.107.93 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=93,DE) 149.255.0.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity 149.255.36.156 32 EE None 2021-08-18 00:00:00 2021-11-15 00:00:00 None HIVE Case #5918 IOC_LOKIBOT (IP=156,US) 149.255.36.156 32 EE None 2021-08-18 00:00:00 2021-11-15 00:00:00 None HIVE Case #5918 IOC_LOKIBOT (IP=156,US) 149.255.58.36 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 149.255.58.42 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity 149.255.58.66 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity 149.255.58.9 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 149.255.60.150 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None GB TO-S-2020-0698 Malicious Email Activity 149.255.60.174 
32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity 149.255.62.105 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=105,GB) 149.255.62.105 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None GB TO-S-2020-0838 Malicious Email Activity 149.255.62.20 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None GB TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 149.255.62.86 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None GB TO-S-2020-0503 Malicious Email Activity 149.28.108.18 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 149.28.130.175 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 149.28.132.220 24 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None HTTP: HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=220,SG) 149.28.143.86 24 RB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=86,SG) 149.28.148.182 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=182,SG) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=182,SG) 149.28.158.56 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None SG TO-S-2021-1007 Malware Activity 149.28.163.202 32 BMP None 2021-02-11 00:00:00 2021-05-11 00:00:00 None Unauthorized Access-Probe - TT# 21C00487 (IP=202,US) 149.28.18.201 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None JP TO-S-2020-0493 Malware Activity 149.28.210.117 32 EE None 2020-12-11 00:00:00 2021-01-11 00:00:00 None Nuclei Gethub Webscanner - TT# 21C00281 (IP=117,US) 149.28.236.182 32 RW None 2021-06-16 00:00:00 2021-10-01 00:00:00 None Nuclei Vulnerability Scanner - Fireeye IPS (IP=182,US) | updated by BMP Block expiration extended with reason Command Injection - ArcSight (IP=182,US) 
149.28.24.100 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None JP TO-S-2020-0459 Malware Activity 149.28.244.249 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 149.28.30.250 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None JP TO-S-2020-0315 Malicious Email Activity 149.28.37.62 32 DT None 2020-07-03 00:00:00 2021-03-20 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway arbitrary code execution attempt - Web Attacks (IP=62,US) | updated by RW Block was inactive. Reactivated on 20201220 with reason HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C00357 ( 149.28.58.24 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malicious Email Activity 149.28.91.12 32 ZH None 2021-08-09 00:00:00 2021-11-07 00:00:00 None SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - Sourcefire Rpt (IP=12,US) 149.28.91.50 32 GM None 2020-12-17 00:00:00 2021-03-17 00:00:00 None ColdFusion errors / Self Report - TT # 21C00303 (IP=50,US) 149.3.110.195 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=195,GE) 149.3.124.194 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=194,GE) 149.3.124.223 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=223,GE) 149.3.36.104 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - Web Attacks (IP=104,GE) 149.3.36.79 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=79,GE) 149.3.91.158 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 149.34.41.178 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ES TO-S-2020-0331 Malicious Web Application Activity 149.34.46.213 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malicious Email 
Activity 149.34.47.47 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malicious Email Activity 149.34.61.236 24 SW None 2021-09-17 00:00:00 2021-12-16 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=236,ES) 149.56.101.239 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 149.56.123.177 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CA TO-S-2020-0331 Malware Activity 149.56.20.55 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CA Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 149.56.207.22 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CA TO-S-2020-0303 Malicious Web Application Activity 149.56.253.71 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 149.56.28.9 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 149.56.38.89 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 149.56.43.112 24 RW None 2020-11-06 00:00:00 2021-02-06 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Sourcefire (IP=112,CA) 149.56.81.70 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=70,CA) 149.56.96.80 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None CA TO-S-2020-0698 Malicious Web Application Activity 149.62.170.143 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 149.74.72.91 24 KD None 2021-09-04 00:00:00 2021-12-03 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SOURCEFIRE REPORT (IP=91,ES) 149.90.209.61 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PT TO-S-2020-0303 Malicious Email Activity 15.164.52.139 32 dbc None 2020-11-19 
00:00:00 2021-11-19 00:00:00 None KR TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 15.164.91.143 24 RW None 2020-11-27 00:00:00 2021-02-25 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SSH scan report (IP=143,KR) 15.200.142.128 32 UA None 2021-05-18 00:00:00 2021-08-16 00:00:00 None APP-DETECT SSH server detected on non-standard port - Sourcefire (IP=128,US) 15.200.175.34 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None APP-DETECT SSH server detected on non-standard port (IP=34,US) 15.200.203.73 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None APP-DETECT SSH server detected on non-standard port - Sourcefire (IP=73,US) 15.200.213.185 32 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None APP-DETECT SSH server detected on non-standard port _Sourcefire (IP=185,US) 15.200.230.15 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None APP-DETECT SSH server detected on non-standard port (IP=15,US) 15.200.244.67 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None APP-DETECT SSH server detected on non-standard port (IP=67,US) 15.200.4.47 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None APP-DETECT SSH server detected on non-standard port (IP=47,US) 15.200.83.110 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None APP-DETECT SSH server detected on non-standard port - Sourcefire (IP=110,US) 15.206.160.202 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=202,IN) 15.206.90.6 32 RB None 2021-09-03 00:00:00 2021-12-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01750 (IP=6,US) 15.207.254.107 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=107,IN) 15.207.43.86 24 KH None 2021-09-11 00:00:00 2021-12-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=86,IN) 15.222.194.168 32 dbc None 2020-05-21 00:00:00 
2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 15.222.242.93 24 ZH None 2021-06-26 00:00:00 2021-09-24 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep TT# 21C01373 (IP=93,CN) 15.223.54.239 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 150.107.140.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 150.107.25.70 24 RW None 2021-04-18 00:00:00 2021-07-18 00:00:00 None SERVER-WEBAPP Java XML deserialization remote code execution attempt - Sourcefire (IP=70,IN) 150.107.31.190 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=190,TH) 150.107.40.0 22 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None IN TO-S-2020-0601 Malware Activity 150.107.42.30 24 JKC None 2020-04-13 00:00:00 2021-04-13 00:00:00 None CTR-20-0629 MALWARE CAMPAIGN HIVE CASE #2512 (IP=30, IN) 150.107.76.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,MY) 150.109.11.232 24 RT None 2021-07-14 00:00:00 2021-10-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=232,SG) | updated by RT Block was inactive. Reactivated on 20210714 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=232,SG) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=232,SG) 150.109.11.232 24 RB None 2020-03-06 00:00:00 2021-10-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=232,SG) | updated by RT Block was inactive. 
Reactivated on 20210714 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=232,SG) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=232,SG) 150.109.149.144 32 GM None 2020-10-06 00:00:00 2021-01-06 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT # 21C00045 (IP=144,SG) 150.109.150.104 24 KH None 2021-07-30 00:00:00 2021-10-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=104,HK) 150.109.151.134 24 AR None 2021-06-30 00:00:00 2021-09-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=134,HK) 150.109.16.122 24 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) (IP=122,SG) | updated by BMP Block was inactive. Reactivated on 20210617 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - S 150.109.16.122 24 KF None 2019-11-22 00:00:00 2021-09-15 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) (IP=122,SG) | updated by BMP Block was inactive. 
Reactivated on 20210617 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - S 150.109.164.235 24 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=235,TH) 150.109.164.235 24 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=235,TH) 150.109.167.106 24 ZH None 2021-06-12 00:00:00 2021-09-10 00:00:00 None INDICATOR-SCAN DNS version.bind | updated by ZH Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=106,TH) INDICATOR-SCAN DNS version.bind string information disc 150.109.167.106 24 ZH None 2021-06-12 00:00:00 2021-09-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=106,TH) 150.109.167.106 24 SW None 2021-05-25 00:00:00 2021-09-10 00:00:00 None INDICATOR-SCAN DNS version.bind | updated by ZH Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=106,TH) INDICATOR-SCAN DNS version.bind string information disc 150.109.167.106 24 SW None 2021-05-25 00:00:00 2021-09-10 00:00:00 None INDICATOR-SCAN DNS version.bind | updated by ZH Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=106,TH) INDICATOR-SCAN DNS version.bind string information disc 150.109.167.235 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=235,TH) 150.109.170.100 24 UA None 2021-05-18 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=100,TH) 150.109.170.60 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None 
Firepower Suspicious Scan Activity (IP=60,TH) 150.109.180.125 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=125,TH) 150.109.180.135 24 SW None 2021-05-21 00:00:00 2021-08-20 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=135,TH) 150.109.181.149 24 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=149,TH) 150.109.181.149 24 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Source Fire (IP=149,TH) 150.109.181.161 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=161,TH) 150.109.182.140 24 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=140,TH) 150.109.182.140 24 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=140,TH) 150.109.183.94 24 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (1:42785:4) (IP=94,TH) 150.109.183.94 24 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (1:42785:4) (IP=94,TH) 150.109.194.59 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=59,JP) 150.109.195.243 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=243,JP) 150.109.203.21 24 DT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=21,JP) 
150.109.205.227 24 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=227,SG) 150.109.205.70 24 EE None 2020-12-31 00:00:00 2021-03-31 00:00:00 None INDICATOR-SCAN DNS - SourceFire (IP=70,JA) 150.109.229.166 24 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=166,KR) 150.109.229.166 24 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=166,KR) 150.109.23.158 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=158,SG) 150.109.23.36 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=36,SG) 150.109.230.162 24 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - SourceFire (IP=162,HK) 150.109.231.201 24 BMP None 2021-06-22 00:00:00 2021-09-20 00:00:00 None INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - SourceFire (IP=201,SG) 150.109.234.173 24 CR None 2020-07-14 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=173,KR) | updated by BMP Block was inactive. Reactivated on 20210626 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - S 150.109.234.173 24 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=173,KR) | updated by BMP Block was inactive. 
Reactivated on 20210626 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - S 150.109.236.199 24 RR None 2020-11-15 00:00:00 2021-02-13 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=199,SG) 150.109.238.211 24 UA None 2021-05-18 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=211,SG) 150.109.239.89 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=89,KR) 150.109.44.192 24 RW None 2020-10-10 00:00:00 2021-01-10 00:00:00 None HTTP SQL Injection Attempt - 6hr web attacks (IP=192,HK) 150.109.5.248 24 SW None 2021-05-24 00:00:00 2021-08-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=248,SG) | updated by SW Block was inactive. Reactivated on 20210524 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire Repo 150.109.5.248 24 RB None 2020-03-06 00:00:00 2021-08-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=248,SG) | updated by SW Block was inactive. Reactivated on 20210524 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire Repo 150.109.50.64 24 CR None 2020-05-21 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=64,HK) | updated by BMP Block was inactive. Reactivated on 20210617 with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=64, 150.109.50.64 24 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=64,HK) | updated by BMP Block was inactive. 
Reactivated on 20210617 with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=64, 150.116.204.67 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TW TO-S-2020-0298 Malicious Email Activity 150.117.94.249 24 RW None 2021-02-19 00:00:00 2021-05-19 00:00:00 None Malicious IP - Hive Case 4961 (IP=249,TW) 150.129.102.228 24 FT None 2020-10-19 00:00:00 2021-01-19 00:00:00 None APP-DETECT SSH server detected on non-standard port (1:13586:5) - SourceFire (IP=228,IN) 150.129.105.61 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=61,IN) 150.129.238.106 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 150.129.4.0 22 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=0,PK) 150.129.41.78 24 GM None 2021-02-21 00:00:00 2021-05-22 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr Web Attacks (IP=78,HK) 150.129.80.190 24 RR None 2020-11-25 00:00:00 2021-02-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=190,HK) 150.136.110.102 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity 150.136.146.205 32 BMP None 2021-04-11 00:00:00 2021-07-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=205,US) 150.136.168.10 32 WR None 2021-05-25 00:00:00 2021-08-23 00:00:00 None SERVER-WEBAPP Terramaster TOS command injection attempt- 6 hr web attacks (IP=10,US) 150.136.192.92 32 GM None 2020-08-29 00:00:00 2021-11-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=92,US) | updated by UA Block was inactive. 
Reactivated on 20210813 with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks - (IP=92,US) 150.136.76.134 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=134,US) 150.138.72.115 24 FT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=115,CN) 150.158.153.61 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=61,CN) 150.158.158.19 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=19,CN) 150.158.159.25 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=25,CN) 150.158.160.5 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=5,CN) 150.158.168.154 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=154,CN) 150.158.179.122 24 EE None 2021-01-09 00:00:00 2021-04-10 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 HR Web Attack (IP=122,CN) | updated by RB Block expiration extended with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=122,CN) 150.158.198.220 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None srm Firepwer Suspicious Scan Activity (IP=220,CN) 150.158.4.14 24 FT None 2020-10-31 00:00:00 2021-01-31 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Atacks (IP=14,CN) 150.162.60.183 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=183,BR) 150.162.90.90 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=90,BR) 150.242.12.41 24 EE None 2021-04-02 00:00:00 
2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=41,IN) 150.60.156.116 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None JP TO-S-2021-1007 Malicious Email Activity 150.60.169.10 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None JP TO-S-2020-0493 Malware Activity 150.95.154.82 24 EE HTTP: None 2021-03-19 00:00:00 2021-06-17 00:00:00 None PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=82,JP) 150.95.16.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN) 150.95.178.188 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=188,JP) 150.95.186.55 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=55,JP) 150.95.20.161 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None TH TO-S-2020-0698 Malicious Email Activity 150.95.212.229 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None JP Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 150.95.219.216 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None JP TO-S-2020-0315 Malicious Web Application Activity 150.95.240.44 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None JP TO-S-2020-0459 Malware Activity 150.95.27.17 24 DT None 2021-03-22 00:00:00 2021-06-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=17,TH) 150.95.52.72 32 wmp None 2020-09-03 00:00:00 2021-10-29 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=72,JP) | updated by dbc Block expiration extended with reason JP Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 150.95.54.225 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None JP TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 150.95.55.15 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None JP TO-S-2021-0941 Hive Case 4361 
Malicious Email Activity 150.95.55.157 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None JP TO-S-2021-1007 Malicious Email Activity 150.95.55.170 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None JP TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 150.95.55.7 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None JP TO-S-2020-0698 Malicious Email Activity 150.95.8.228 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None JP TO-S-2020-0493 Malware Activity 151.101.0.64 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 151.101.1.195 32 dbc None 2019-04-17 00:00:00 2021-05-21 00:00:00 None US TO-S-2019-0610 Malicious Email Activity | updated by JKC Block was inactive. Reactivated on 20200618 with reason Malicious domain Hive Case Case 3063 - IOC_ ISO CTOs 20-164,20-165 (ip=165,US) | Unblocked - IP hosts some business sites 151.101.1.95 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 151.101.113.124 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Email Activity 151.101.121.95 32 wmp None 2020-07-17 00:00:00 2021-12-11 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=95,FR) | updated by jkc Block was inactive. 
24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None SQL injection - Web attacks (IP=148,DE) 157.230.134.219 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 157.230.14.200 32 RW None 2021-07-23 00:00:00 2021-10-21 00:00:00 None Django SQL Injection Vulnerability - Web Attacks (IP=200,US) 157.230.14.212 32 RR None 2021-06-14 00:00:00 2021-09-12 00:00:00 None SQL injection - Web Attacks (IP=212,US) 157.230.17.150 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=150,DE) 157.230.17.207 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=207,DE) 157.230.178.223 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None Imperva Suspicious Scan Activty (IP=223,US) 157.230.18.187 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - 6hr Web Attacks (IP=187,DE) 157.230.182.185 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SERVER-WEBAPP SAP NetWeaver xMII directory traversal attempt (1:38988:2) - SoureFire (IP=185,US) 157.230.182.223 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=223,US) 157.230.182.243 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=243,US) 157.230.182.243 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=243,US) 157.230.183.13 32 RB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=13,US) 157.230.183.147 32 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr failed logons (IP=147,US) 157.230.183.98 32 RB None 2021-04-07 00:00:00 2021-07-06 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Sourcefire (IP=98,US) 157.230.185.51 
32 BMP None 2021-04-11 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=51,US) | updated by SW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=51,US) SERVER-WEBAPP PHPUnit PHP 157.230.185.51 32 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=51,US) | updated by SW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=51,US) SERVER-WEBAPP PHPUnit PHP 157.230.189.221 32 wmp None 2021-02-10 00:00:00 2021-05-10 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=221,US) 157.230.190.0 24 ZH None 2021-06-15 00:00:00 2021-09-14 00:00:00 None DDoS - TT#: 21C01306 (IP=0,US) 157.230.190.122 32 RR None 2021-06-14 00:00:00 2021-09-12 00:00:00 None SQL injection - Web Attacks (IP=122,US) 157.230.190.17 32 GM None 2021-04-22 00:00:00 2021-07-22 00:00:00 None Command Injection (IP=17,US) | updated by wmp Block expiration extended with reason Palo Alto Suspicious Scan Activity (IP=17,US) Palo Alto Suspicious Scan Activity (IP=17,US) 157.230.190.17 32 EE None 2021-04-22 00:00:00 2021-07-22 00:00:00 None Command Injection (IP=17,US) | updated by wmp Block expiration extended with reason Palo Alto Suspicious Scan Activity (IP=17,US) Palo Alto Suspicious Scan Activity (IP=17,US) 157.230.190.17 32 wmp None 2021-04-22 00:00:00 2021-07-22 00:00:00 None Command Injection (IP=17,US) | updated by wmp Block expiration extended with reason Palo Alto Suspicious Scan Activity (IP=17,US) Palo Alto Suspicious Scan Activity (IP=17,US) 157.230.191.60 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SERVER-OTHER PHP webshell upload attempt (1:49457:2) - SoureFire (IP=60,US) 157.230.208.218 32 RR None 2021-06-14 00:00:00 2021-09-12 00:00:00 None SQL injection - Web Attacks (IP=218,US) 157.230.208.22 32 wmp 
None 2021-02-05 00:00:00 2021-05-05 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=22,US) 157.230.209.111 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=111,US 157.230.209.168 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=168,US) 157.230.209.196 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None Imperva Suspicious Scan Activty (IP=196,US) 157.230.209.206 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=206,US) 157.230.209.231 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None Imperva Suspicious Scan Activty (IP=231,US) 157.230.209.66 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None Imperva Suspicious Scan Activty (IP=66,US) 157.230.209.80 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None Imperva Suspicious Scan Activty (IP=80,US) 157.230.21.147 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=147,DE) 157.230.210.224 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 157.230.213.101 32 RR None 2021-06-14 00:00:00 2021-09-12 00:00:00 None SQL injection - Web Attacks (IP=101,US) 157.230.213.111 32 RB None 2021-05-22 00:00:00 2021-08-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=111,US) | updated by RB Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=111,US) SERVER-WEBAPP PHPUnit 157.230.213.111 32 BMP None 2021-03-25 00:00:00 2021-08-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=111,US) | updated by RB Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=111,US) SERVER-WEBAPP PHPUnit 157.230.215.199 32 BMP None 2021-03-27 00:00:00 2021-06-25 
00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=199,US) 157.230.216.99 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SQL injection - 6hr Web Attacks (IP=99,US) 157.230.218.175 32 RR None 2020-11-24 00:00:00 2021-02-22 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Web Attacks (IP=175,US) 157.230.219.75 32 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SQL injection - 6hr Web Attacks (IP=75,US) 157.230.219.80 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (1:54214:1) - SoureFire (IP=80,US) 157.230.219.9 32 RB None 2021-05-14 00:00:00 2021-09-03 00:00:00 None Palo Alto Suspicious Scan Activity (IP=9,US) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=9,US) HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=9,US) | updated b 157.230.219.9 32 wmp None 2021-04-29 00:00:00 2021-09-03 00:00:00 None Palo Alto Suspicious Scan Activity (IP=9,US) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=9,US) HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=9,US) | updated b 157.230.219.9 32 RB None 2021-06-05 00:00:00 2021-09-03 00:00:00 None Palo Alto Suspicious Scan Activity (IP=9,US) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=9,US) HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=9,US) | updated b 157.230.219.9 32 RB None 2021-06-05 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=9,US) 157.230.220.158 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=158,US) 157.230.222.212 32 PS None 2021-05-26 00:00:00 2021-08-24 00:00:00 None 
SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (1:45749:2) (IP=212,US) 157.230.222.212 32 PS None 2021-05-26 00:00:00 2021-08-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (1:45749:2) (IP=212,US) 157.230.222.65 32 FT None 2021-04-13 00:00:00 2021-07-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=65,US) 157.230.223.74 32 SW None 2021-06-11 00:00:00 2021-09-09 00:00:00 None AR RCC-CONUS HTTP_GET_Psble_F5TMUI_RCE_RC130840 - TT# 21C01288 (IP=74,US) 157.230.226.10 32 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution - TT# 21C01108 (IP=10,US) 157.230.226.188 32 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None SQL injection - Web attacks (IP=188,US) 157.230.226.190 32 RB None 2021-05-02 00:00:00 2021-08-02 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT# 21C01109 (IP=190,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt - Sourcefire (IP=190,US) SERVER-WEBAPP Wordpress 157.230.226.190 32 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT# 21C01109 (IP=190,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt - Sourcefire (IP=190,US) SERVER-WEBAPP Wordpress 157.230.226.95 32 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01105 (IP=95,US) 157.230.226.97 32 RB None 2021-05-02 00:00:00 2021-08-02 00:00:00 None ConversionErrorInterceptor OGNL Script - TT# 21C01112 (IP=97,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP VMware View Planner logupload directory traversal attempt - Sourcefire (IP=97,US) SERVER-WEBAPP VMware View Planner log 
157.230.226.97 32 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None ConversionErrorInterceptor OGNL Script - TT# 21C01112 (IP=97,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP VMware View Planner logupload directory traversal attempt - Sourcefire (IP=97,US) SERVER-WEBAPP VMware View Planner log 157.230.229.222 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity 157.230.23.224 24 CR None 2021-05-04 00:00:00 2021-08-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=224,DE) 157.230.230.11 32 RB None 2021-05-02 00:00:00 2021-08-02 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution - TT# 21C01110 (IP=11,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt - Sourcefire (IP=11,US) SERVER 157.230.230.11 32 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution - TT# 21C01110 (IP=11,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt - Sourcefire (IP=11,US) SERVER 157.230.230.46 32 RB None 2021-05-02 00:00:00 2021-08-02 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT# 21C01111 (IP=46,US) | updated by RW Block expiration extended with reason POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - Sourcefire (IP=46,US) POLICY-OTHER SAP NetWeaver AS LM Confi 157.230.230.46 32 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT# 21C01111 (IP=46,US) | updated by RW Block expiration extended with reason POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - Sourcefire (IP=46,US) POLICY-OTHER SAP NetWeaver AS LM Confi 157.230.230.69 32 RB None 2021-05-02 00:00:00 2021-08-02 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution - 
TT# 21C01107 (IP=69,US) | updated by RW Block expiration extended with reason SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt - Sourcefire (IP=69,US) SERVER-APACHE Apache 157.230.230.69 32 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution - TT# 21C01107 (IP=69,US) | updated by RW Block expiration extended with reason SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt - Sourcefire (IP=69,US) SERVER-APACHE Apache 157.230.232.122 32 RB None 2021-04-07 00:00:00 2021-07-06 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=122,US) 157.230.232.156 32 BMP None 2021-06-15 00:00:00 2021-09-13 00:00:00 None Command Injection (IP=156,US) 157.230.232.21 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None File /etc/passwd Access Attempt Detect- IPS Events (IP=21,US) 157.230.232.36 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Sourcefire Rpt (IP=36,US) 157.230.234.137 32 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None SQL injection - Web attacks (IP=137,US) 157.230.239.115 32 RR None 2021-06-14 00:00:00 2021-09-12 00:00:00 None SQL injection - Web Attacks (IP=115,US) 157.230.24.16 32 BB None 2021-09-18 00:00:00 2021-12-17 00:00:00 None HTTP: PHP File Inclusion Vulnerability - IR# 21C01891 (IP=16, US) 157.230.242.34 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=34,SG) 157.230.243.146 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=146,SG) 157.230.249.0 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=0,SG) | updated by FT Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=17,SG) HTTP: 
ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=17,SG 157.230.249.0 24 EE None 2021-03-12 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=0,SG) | updated by FT Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=17,SG) HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=17,SG 157.230.255.16 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr failed logons (IP=16,SG) 157.230.26.251 24 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SQL injection - 6hr Web Attacks (IP=251,DE) 157.230.27.205 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=205,DE) 157.230.28.239 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=239,DE) 157.230.3.115 32 RR None 2021-03-02 00:00:00 2021-05-31 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - SourceFire (IP=115,US) 157.230.4.37 32 RR None 2021-07-23 00:00:00 2021-10-21 00:00:00 None SQL injection - Web Attacks (IP=37,US) 157.230.4.37 24 BB None 2021-07-24 00:00:00 2021-10-22 00:00:00 None SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt (1:49796:1) - SourceFire (IP=37,US ) 157.230.4.37 32 BB None 2021-07-24 00:00:00 2021-10-22 00:00:00 None SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt - Web Attacks (IP=37,US) 157.230.40.191 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 157.230.44.123 32 DT None 2021-09-11 00:00:00 2021-12-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Paper TT 002 157.230.44.41 24 EE None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack(IP=41,SG) 
157.230.5.13 32 RW None 2021-08-10 00:00:00 2021-11-08 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=13,US) 157.230.5.23 32 RW None 2021-08-10 00:00:00 2021-11-08 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=23,US) 157.230.5.41 32 RW None 2021-08-10 00:00:00 2021-11-08 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=41,US) 157.230.5.9 32 RW None 2021-08-10 00:00:00 2021-11-08 00:00:00 None Possible Cross-site Scripting Attack - FE IPS (IP=9,US) 157.230.51.227 32 BMP None 2021-05-27 00:00:00 2021-08-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=227,US) 157.230.52.25 32 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=25,US) 157.230.55.128 32 RB None 2021-02-17 00:00:00 2021-05-17 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=128,US) | updated by wmp Block expiration extended with reason FireEye IPS Nuclei Vulnerability Scanner (IP=128,US) FireEye IPS Nuclei Vulnerability Scanner (IP=128,US) 157.230.55.128 32 wmp None 2021-02-17 00:00:00 2021-05-17 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=128,US) | updated by wmp Block expiration extended with reason FireEye IPS Nuclei Vulnerability Scanner (IP=128,US) FireEye IPS Nuclei Vulnerability Scanner (IP=128,US) 157.230.55.187 32 wmp None 2021-02-17 00:00:00 2021-05-17 00:00:00 None Imperva Distributed Nuclei Scanner (IP=187,US) 157.230.57.78 32 RR None 2021-06-14 00:00:00 2021-09-12 00:00:00 None SQL injection - Web Attacks (IP=78,US) 157.230.58.165 32 RB None 2021-03-24 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attack (IP=165,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=165,US) SERVER-WEBAPP PHPUnit PHP remote 157.230.58.165 32 RW None 2021-03-25 00:00:00 2021-06-25 
00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attack (IP=165,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=165,US) SERVER-WEBAPP PHPUnit PHP remote 157.230.60.117 32 RB None 2021-02-22 00:00:00 2021-05-23 00:00:00 None rConfig SQL Injection Vulnerability - 6hr web attacks (IP=117,US) 157.230.60.171 32 wmp None 2021-03-04 00:00:00 2021-06-04 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=171,US) 157.230.60.208 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 157.230.61.18 32 SW None 2021-07-24 00:00:00 2021-10-22 00:00:00 None SQL injection - WebAttacks (IP=18, US) 157.230.63.85 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SERVER-WEBAPP Java XML deserialization remote code execution attempt (1:44315:3) - SoureFire (IP=85,US) 157.230.7.217 32 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Sourcefire (IP=217,US) 157.230.80.169 32 RR None 2021-02-26 00:00:00 2021-05-27 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Events (IP=169,US) 157.230.82.133 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=133,US) 157.230.83.114 32 RR None 2021-09-15 00:00:00 2021-12-14 00:00:00 None Self-Report / ColdFusion Errors - TT# 21C01864 (IP=114,US) 157.230.83.120 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None Palo Alto Suspicious Scan Activity (IP=120,US) 157.230.83.58 32 RR None 2021-06-14 00:00:00 2021-09-12 00:00:00 None SQL injection - Web Attacks (IP=58,US) 157.230.86.45 32 BMP None 2020-10-06 00:00:00 2021-01-06 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=45,US) 157.230.87.10 32 ZH None 2021-06-12 00:00:00 2021-09-10 00:00:00 None SQL injection - 6hr Web Attacks (IP=10,US) 157.230.87.10 32 ZH None 2021-06-12 00:00:00 2021-09-10 
00:00:00 None SQL injection - 6hr Web Attacks (IP=10,US) 157.230.88.37 32 BMP None 2020-10-30 00:00:00 2021-01-30 00:00:00 None HTTP Django SQL Injection Vulnerability - 6hr Web Atacks (IP=228,US) 157.230.89.203 32 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - SourceFire (IP=203,US) 157.230.90.152 32 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=152,US) 157.230.90.61 32 BMP None 2020-10-06 00:00:00 2021-01-06 00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - SourceFire (IP=61,US) 157.230.91.23 32 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=23,US) 157.230.92.146 32 GM None 2021-02-19 00:00:00 2021-05-19 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=92,US) 157.230.95.244 32 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=244,US) 157.230.95.84 32 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=84,US) 157.230.96.84 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=84,DE) 157.230.97.142 24 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SQL injection - 6hr Web Attacks (IP=142,DE) 157.230.98.85 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None DE TO-S-2020-0535 Malware Activity 157.230.99.181 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=181,DE) 157.230.99.181 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=181,DE) 157.245.101.169 24 FT None 2021-03-27 00:00:00 2021-06-26 00:00:00 None HTTP SQL Injection 
Attempt - Web Attacks (IP=169,IN) | updated by RW Block expiration extended with reason Webshell.Binary.php.FEC2 - Hive Case 5142 (IP=169,IN) Webshell.Binary.php.FEC2 - Hive Case 5142 (IP=169,IN) 157.245.101.169 24 RW None 2021-03-26 00:00:00 2021-06-26 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=169,IN) | updated by RW Block expiration extended with reason Webshell.Binary.php.FEC2 - Hive Case 5142 (IP=169,IN) Webshell.Binary.php.FEC2 - Hive Case 5142 (IP=169,IN) 157.245.103.248 32 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt _Sourcefire (IP=248,US) 157.245.105.189 24 RW None 2021-03-26 00:00:00 2021-06-26 00:00:00 None Webshell.Binary.php.FEC2 - Hive Case 5141 (IP=189,IN) 157.245.105.189 24 RW None 2021-03-26 00:00:00 2021-06-26 00:00:00 None Webshell.Binary.php.FEC2 - Hive Case 5141 (IP=189,IN) Webshell.Binary.php.FEC2 - Hive Case 5141 (IP=189,IN) 157.245.105.83 24 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Web Attacks (IP=83,IN) 157.245.105.83 24 RW None 2021-03-26 00:00:00 2021-06-26 00:00:00 None Webshell.Binary.php.FEC2 - Hive Case 5143 (IP=169,IN) 157.245.107.168 32 wmp None 2021-06-24 00:00:00 2021-09-24 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=168,IN) 157.245.107.239 24 RB None 2020-10-07 00:00:00 2021-01-05 00:00:00 None Nuclei Vulnerability Scanner - Sourcefire(IP=239,IN) 157.245.108.141 32 CR None 2021-05-04 00:00:00 2021-08-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=141,US) 157.245.110.209 24 RW None 2021-03-26 00:00:00 2021-06-26 00:00:00 None Webshell.Binary.php.FEC2 - Hive Case 5145 (IP=209,IN) 157.245.111.219 32 wmp None 2021-01-29 00:00:00 2021-04-29 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=219,IN) 157.245.111.229 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None 
SERVER-WEBAPP Multiple routers getcfg.php credential disclosure attempt (1:44388:6) - SourceFire (IP=229,IN) 157.245.112.110 32 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt (1:48381:1) - Source Fire (IP=110,US) 157.245.112.127 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=127,US) 157.245.112.165 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=165,US) 157.245.114.107 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=107,US) 157.245.114.193 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=193,US) 157.245.114.222 32 BMP None 2021-08-13 00:00:00 2021-11-11 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=222,US) 157.245.116.102 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt (1:40451:2) - SourceFire (IP=102,US) 157.245.116.38 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=38,US) 157.245.118.134 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=134,US) 157.245.119.28 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL injection - 6hr Web Attacks (IP=28,US) 157.245.12.161 32 RB None 2021-05-07 00:00:00 2021-08-05 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=161,US) 157.245.12.161 32 RB None 2021-05-07 00:00:00 2021-08-05 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=161,US) 157.245.120.130 32 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=130,US) 
Attacks (IP=149,US) 159.65.229.162 32 BMP None 2020-04-13 00:00:00 2021-12-01 00:00:00 None SQL HTTP URI blind injection attempt - 6hr Web Attacks (IP=162,US) | updated by VV Block was inactive. Reactivated on 20210902 with reason MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM - ABC Report(IP=162,US) 159.65.230.129 32 RB None 2020-12-02 00:00:00 2021-03-02 00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - Sourcefire (IP=129,US) 159.65.234.247 32 KD None 2021-08-10 00:00:00 2021-11-08 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - SourceFire (IP=247,US) 159.65.241.242 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL injection - 6hr Web Attacks (IP=242,US) 159.65.244.249 32 RW None 2021-05-07 00:00:00 2021-08-07 00:00:00 None HTTP: SQL Injection - Exploit II - Web attacks (IP=249,US) 159.65.246.129 32 RB None 2021-05-09 00:00:00 2021-08-10 00:00:00 None SQL injection - 6hr web attacks (IP=129,US) | updated by RW Block expiration extended with reason SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=129,US) 159.65.246.150 32 RW None 2021-05-10 00:00:00 2021-08-10 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=150,US) 159.65.248.133 32 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=133,US) 159.65.249.65 32 RR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - Web Attacks (IP=65,US) 159.65.250.194 32 RB None 2021-05-09 00:00:00 2021-08-10 00:00:00 None SQL injection - 6hr web attacks (IP=194,US) | updated by RW Block expiration extended with reason SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=194,US) 159.65.254.110 32 RW None 2021-05-10 00:00:00 2021-08-10 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=110,US) 159.65.254.127 32 RB None 2021-05-09 00:00:00 2021-08-10 00:00:00 None SQL injection - 6hr web attacks (IP=127,US) | updated by RW 
Block expiration extended with reason SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=127,US) 159.65.254.155 32 RB None 2021-05-09 00:00:00 2021-08-10 00:00:00 None SQL injection - 6hr web attacks (IP=155,US) | updated by RW Block expiration extended with reason SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=155,US) 159.65.254.172 32 RW None 2021-05-10 00:00:00 2021-08-10 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=172,US) 159.65.254.61 32 RW None 2021-05-10 00:00:00 2021-08-10 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=61,US) 159.65.254.84 32 RW None 2021-05-10 00:00:00 2021-08-10 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=84,US) 159.65.26.121 24 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=121,UK) 159.65.28.170 32 wmp None 2021-06-29 00:00:00 2021-09-29 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=170,GB) 159.65.31.243 32 wmp None 2021-06-15 00:00:00 2021-09-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=243,GB) 159.65.33.132 32 ZH None 2021-08-26 00:00:00 2021-11-24 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6 hr Web Attacks (IP=132,US) 159.65.46.166 32 KH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=166,US) 159.65.49.107 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None HTTP SQL Injection Attempt - 6 hr Web Attacks (IP=107,GB) 159.65.51.22 24 RB None 2021-05-23 00:00:00 2021-08-21 00:00:00 None SERVER-WEBAPP F5 iControl REST interface ssrf attempt - Sourcefire (IP=22,GB) 159.65.51.24 24 RR None 2021-05-22 00:00:00 2021-08-20 00:00:00 None HTTP Request Brute Force Attack - Failed Logons (IP=24,GB) 159.65.54.210 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity 
(IP=210,GB) 159.65.54.227 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=227,GB) 159.65.58.81 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=81,GB) 159.65.64.101 32 UA None 2021-08-15 00:00:00 2021-11-13 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=101,US) 159.65.65.141 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT # 21C00743 (IP=141,US) 159.65.66.124 32 BMP None 2021-01-20 00:00:00 2021-04-21 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6hr Web Attacks (IP=124,US) | updated by wmp Block expiration extended with reason Suspicious Scan Activity (IP=124,US) 159.65.66.231 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT # 21C00734 (IP=231,US) 159.65.66.49 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT # 21C00738 (IP=49,US) 159.65.68.220 32 UA None 2021-09-07 00:00:00 2021-12-06 00:00:00 None SQL injection attempt - Web Attacks (IP=220,US) 159.65.69.141 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT # 21C00744 (IP=141,US) 159.65.70.1 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT # 21C00735 (IP=1,US) 159.65.70.173 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT # 21C00736 (IP=173,US) 159.65.73.47 32 RR None 2020-11-14 00:00:00 2021-02-12 00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - SourceFire (IP=47,US) 
159.65.74.111 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT # 21C00742 (IP=111,US) 159.65.74.66 32 RB None 2021-06-05 00:00:00 2021-09-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=66,US) 159.65.75.11 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT # 21C00746 (IP=11,US) 159.65.75.206 32 RW None 2020-12-05 00:00:00 2021-03-05 00:00:00 None File /etc/passwd Access Attempt Detect - Fireeye IPS (IP=206,US) 159.65.76.10 32 BMP None 2021-01-20 00:00:00 2021-04-21 00:00:00 None HTTP: SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - 6hr Web Attacks (IP=10,US) | updated by wmp Block expiration extended with reason Suspicious Scan Activity (IP=10,US) 159.65.76.124 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00745 (IP=124,US) 159.65.76.50 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00737 (IP=50,US) 159.65.77.210 32 BMP None 2021-01-20 00:00:00 2021-04-21 00:00:00 None HTTP: Firefuzzer SQL Injection Scanning II - 6hr Web Attacks (IP=210,US) | updated by wmp Block expiration extended with reason Suspicious Scan Activity (IP=210,US) 159.65.78.126 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT # 21C00739 (IP=126,US) 159.65.78.68 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT # 21C00741 (IP=68,US) 159.65.79.153 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00728 (IP=153,US) 159.65.85.169 24 RB None 2021-03-30 00:00:00 
2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=169,GB) 159.65.89.6 24 UA None 2021-08-15 00:00:00 2021-11-13 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=6,GB) 159.65.94.82 24 FT None 2020-11-04 00:00:00 2021-02-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=82,GB) 159.69.10.250 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=250,DE) 159.69.137.225 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None DE TO-S-2020-0698 Malware Activity 159.69.146.154 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Web Application Activity 159.69.181.242 32 FT None 2021-03-01 00:00:00 2021-06-01 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep TT# 21C00542 (IP=242,DE) 159.69.205.59 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=59,DE) 159.75.1.39 24 EE None 2021-01-20 00:00:00 2021-04-21 00:00:00 None SSH User Authentication Brute Force Attempt - 6 HR Failed Logons (IP=39,CN) | updated by RB Block expiration extended with reason INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=39,CN) 159.75.102.184 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=184,CN) 159.75.125.202 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=202,CN) 159.75.202.28 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=28,CN) 159.75.22.18 24 RT None 2021-07-14 00:00:00 2021-10-12 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attack (IP=18,CN) 159.75.23.163 24 RR None 2021-03-04 00:00:00 2021-06-02 00:00:00 None 
HTTP: ThinkPHP CMS Getshell Vulnerability - SourceFire (IP=163,CN) 159.75.238.8 24 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr failed logons (IP=8,CN) 159.75.55.207 24 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=207,CN) 159.75.70.91 24 BMP None 2021-05-27 00:00:00 2021-08-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=91,CN) 159.75.73.67 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=67,CN) 159.89.0.115 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=115,DE) 159.89.1.47 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=47,DE) 159.89.100.58 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=58,DE) 159.89.102.6 24 RR None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=6,DE) 159.89.103.193 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=193,DE) 159.89.108.111 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=111,DE) 159.89.109.162 24 EE None 2021-04-22 00:00:00 2021-07-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=162,DE) 159.89.110.165 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=165,DE) 159.89.114.29 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=29,CA) 159.89.127.146 24 RR None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - Web Attacks (IP=146,CA) 
159.89.13.125 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=125,DE) 159.89.131.100 32 BMP None 2021-01-20 00:00:00 2021-04-20 00:00:00 None Artica Web Proxy SQL Injection Vulnerability - 6hr Web Attacks (IP=100,US) 159.89.131.100 32 wmp None 2021-01-20 00:00:00 2021-04-21 00:00:00 None Suspicious Scan Activity (IP=100,US) 159.89.134.8 32 RB None 2021-03-24 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attack (IP=8,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=8,US) SERVER-WEBAPP PHPUnit PHP remote cod 159.89.134.8 32 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attack (IP=8,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=8,US) SERVER-WEBAPP PHPUnit PHP remote cod 159.89.138.86 32 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=86,US) 159.89.147.58 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT # 21C00733 (IP=58,US) 159.89.148.54 32 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire(IP=54,US) 159.89.148.60 32 GM None 2021-01-07 00:00:00 2021-04-07 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=60,US) 159.89.149.191 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00731 (IP=191,US) 159.89.149.196 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00732 (IP=196,US) 159.89.149.39 32 GM None 2021-03-24 
00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00740 (IP=39,US) 159.89.151.243 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT # 21C00730 (IP=243,US) 159.89.155.190 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT # 21C00747 (IP=190,US) 159.89.155.244 32 DT None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: SQL Injection - Exploit - 6hr web attacks (IP=244,US) 159.89.157.50 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00729 (IP=50,US) 159.89.161.157 24 RB None 2021-06-06 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=157,IN) 159.89.164.129 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=129,IN) 159.89.168.107 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=107,IN) 159.89.170.210 24 GM None 2021-02-15 00:00:00 2021-05-15 00:00:00 None Artica Web Proxy SQL Injection Vulnerability - Web Attacks (IP=210,IN) 159.89.174.9 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=9,IN) 159.89.177.89 32 BMP None 2021-06-10 00:00:00 2021-09-08 00:00:00 None SQL injection - 6hr Web Attacks (IP=89,US) 159.89.178.189 32 BMP None 2021-06-03 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (1:57492:1) - SourceFire (IP=189,US) | updated by KD Block expiration extended with reason HTTP: SQL Injection - Exploit II - Web Attacks (IP=189,US) 159.89.18.47 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP 
CMS Getshell Vulnerability - 6hr web attacks (IP=47,DE) 159.89.18.74 24 RT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None SQL injection - 6 HR WebAttack (IP=74,DE) 159.89.18.74 24 RT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (1:13990:26) - Sourcefire Report (IP=74,DE) 159.89.180.239 32 BMP None 2021-06-10 00:00:00 2021-09-08 00:00:00 None HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=239,US) 159.89.182.123 32 BMP None 2021-06-10 00:00:00 2021-09-08 00:00:00 None SQL injection - 6hr Web Attacks (IP=123,US) 159.89.184.169 32 DT None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=169,US) 159.89.188.176 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP Apache Struts remote code execution attempt - Web Attacks (IP=176,AO) 159.89.188.176 32 RR None 2021-03-08 00:00:00 2021-06-06 00:00:00 None SERVER-WEBAPP Java XML deserialization remote code execution attempt - SourceFire (IP=176,US) 159.89.188.198 32 RR None 2021-03-08 00:00:00 2021-06-06 00:00:00 None SERVER-WEBAPP Java XML deserialization remote code execution attempt - SourceFire (IP=198,US) 159.89.188.209 32 RR None 2021-03-08 00:00:00 2021-06-06 00:00:00 None SERVER-WEBAPP Java XML deserialization remote code execution attempt - SourceFire (IP=209,US) 159.89.189.80 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Sourcefire Rpt (IP=80,US) 159.89.190.53 32 BMP None 2021-06-10 00:00:00 2021-09-08 00:00:00 None SQL injection - 6hr Web Attacks (IP=53,US) 159.89.199.166 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=166,SG) 159.89.206.23 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=23,SG) 159.89.225.226 32 GM None 
2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=226,US) 159.89.226.131 32 RR None 2021-07-23 00:00:00 2021-10-21 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM - Automated Block (IP=131,US) 159.89.227.202 32 RR None 2021-08-24 00:00:00 2021-11-22 00:00:00 None SQL injection - Web Attacks (IP=202, US) 159.89.230.220 32 BMP None 2020-10-28 00:00:00 2021-01-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=220,US) 159.89.235.223 32 RR None 2021-06-11 00:00:00 2021-09-09 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=223,US) 159.89.235.95 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=95,US) 159.89.238.176 32 BMP None 2021-08-07 00:00:00 2021-11-05 00:00:00 None ReputationDV Malware Event - TT# 21C01527 (IP=176,US) 159.89.29.146 24 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=146,DE) 159.89.30.185 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=185,DE) 159.89.32.51 32 CR None 2021-05-05 00:00:00 2021-08-05 00:00:00 None SQL injection - Web Attacks Report (IP=51,US) 159.89.35.156 32 BMP None 2021-06-10 00:00:00 2021-09-08 00:00:00 None SQL injection - 6hr Web Attacks (IP=156,US) 159.89.35.31 32 RB None 2021-04-16 00:00:00 2021-07-15 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01017 (IP=31,US) 159.89.37.255 32 BMP None 2021-06-03 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt (1:57242:4) - SourceFire (IP=255,US) | updated by KD Block expiration extended with reason HTTP: SQL Injection - Exploit - Web Attacks (IP=255,US) HTTP: SQL Injection - Exploit 
159.89.37.255 32 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt (1:57242:4) - SourceFire (IP=255,US) | updated by KD Block expiration extended with reason HTTP: SQL Injection - Exploit - Web Attacks (IP=255,US) HTTP: SQL Injection - Exploit 159.89.37.255 32 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt (1:57242:4) - SourceFire (IP=255,US) 159.89.37.255 32 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=255,US) 159.89.39.111 32 BMP None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=111,US) 159.89.42.219 32 BMP None 2021-06-10 00:00:00 2021-09-08 00:00:00 None SQL injection - 6hr Web Attacks (IP=219,US) 159.89.42.5 32 RB None 2021-04-16 00:00:00 2021-07-15 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01018 (IP=5,US) 159.89.49.56 32 RW None 2020-11-09 00:00:00 2021-02-09 00:00:00 None Nmap Scanner traffic - Fireeye IPS (IP=56,US) 159.89.6.63 32 wmp None 2021-05-06 00:00:00 2021-08-06 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=63,DE) 159.89.8.225 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=225,DE) 159.89.8.225 24 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SQL injection - 6hr failed logons (IP=225 DE) 159.89.83.213 32 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=213,US) 159.89.92.219 32 RR None 2020-10-09 00:00:00 2021-01-07 00:00:00 None Known Attack Tool User Agent V2 // UDS-WhatWeb_RC8766 - TT# 21C00079 (IP=219,US) 159.89.92.43 32 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=43,US) 159.89.95.214 24 FT None 2021-03-14 00:00:00 2021-06-14 
00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=214,US) 159.89.98.220 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=220,DE) 160.113.0.0 24 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 160.119.152.0 22 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None ZA TO-S-2021-0941 Hive Case 4361 Malware Activity 160.119.196.24 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=24, US) 160.119.208.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None SZ TO-S-2020-0303 Malicious Email Activity 160.120.165.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CI TO-S-2020-0298 Malicious Email Activity 160.122.107.152 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=152,AU) 160.122.234.106 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=106,AU) 160.124.136.57 32 DT None 2020-10-05 00:00:00 2021-01-05 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT # 21C00034 (IP=57,ZA) 160.124.49.139 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None ZA TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 160.153.128.0 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 160.153.128.24 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None NL TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 160.153.128.28 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 160.153.128.37 32 wmp None 2020-09-15 00:00:00 2021-10-21 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=37,US) | updated by dbc Block expiration extended with reason NL TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 160.153.128.7 32 dbc None 2020-10-29 00:00:00 
2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 160.153.129.210 32 bob None 2016-10-14 05:00:00 2021-01-28 00:00:00 None US TO-S-2017-0045 USA IP address associated with phishing activities | updated by NAB Block was inactive. Reactivated on 20201030 with reason HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=210,US) 160.153.129.215 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None NL TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 160.153.129.234 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None NL TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 160.153.129.238 32 wmp None 2020-08-31 00:00:00 2021-10-08 00:00:00 None HIVE Case #3683 COLS-NA-TIP-20-0273 (IP=238,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=238,US) 160.153.129.24 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 160.153.129.33 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 160.153.131.148 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malicious Email Activity 160.153.133.150 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 160.153.133.174 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 160.153.133.193 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 160.153.133.209 32 wmp None 2020-09-24 00:00:00 2021-10-29 00:00:00 None HIVE Case #3974 COLS-NA-TIP-20-0301 (IP=209,US) | updated by dbc Block expiration extended with reason NL Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 160.153.133.226 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 160.153.137.170 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US 
TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 160.153.137.210 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 160.153.137.218 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=218,US) 160.153.137.99 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=99,US) 160.153.138.219 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malicious Email Activity 160.153.140.149 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 160.153.147.135 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 160.153.147.159 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 160.153.153.17 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 160.153.153.20 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 160.153.153.43 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 160.153.154.130 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 160.153.154.152 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 160.153.155.14 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 160.153.16.63 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=63,NL) 160.153.16.65 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=65,NL) 160.153.162.130 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 160.153.162.140 32 NAB None 2021-01-07 00:00:00 2021-04-07 00:00:00 None HIVE Case #NA FP Security (IP=140,US) 160.153.201.205 32 TLM None 2021-06-16 00:00:00 
2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=205,NL)

network prefix entered_by (None) block_start block_end (None) reason [| updated by ... note]
160.153.203.116 32 RR None 2019-07-16 00:00:00 2021-04-23 00:00:00 None SQL HTTP URI blind injection attempt - 6hr Web Attacks (IP=116,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity
160.153.203.117 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
160.153.203.194 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
160.153.206.13 32 RR None 2019-07-16 00:00:00 2021-04-23 00:00:00 None SQL use of sleep function with and - likely SQL injection - SourceFire (IP=13,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity
160.153.206.185 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
160.153.209.41 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity
160.153.210.86 32 wmp None 2020-07-17 00:00:00 2021-09-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=86,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity
160.153.216.159 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
160.153.221.212 32 wmp None 2020-09-11 00:00:00 2021-10-21 00:00:00 None HIVE Case #3845 COLS-NA-TIP-20-0289 (IP=212,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
160.153.249.115 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity
160.153.249.59 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity
160.153.250.98 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity
160.153.252.225 32 NAB None 2020-10-30 00:00:00 2021-11-03 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=225,US) | updated by dbc Block expiration extended with reason US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
160.153.34.37 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity
160.153.42.197 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
160.153.49.102 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
160.153.50.65 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
160.153.57.38 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
160.153.59.165 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity
160.153.59.230 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=230,US)
160.153.60.162 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malware Activity
160.153.65.129 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
160.153.73.103 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malware Activity
160.153.76.128 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
160.153.78.67 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
160.153.90.34 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity
160.153.94.135 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity
160.153.94.72 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
160.153.96.194 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
160.154.112.0 23 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CI TO-S-2020-0303 Malware Activity
160.154.145.65 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CI TO-S-2020-0298 Malicious Email Activity
160.16.134.110 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None JP HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity
160.16.150.121 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None JP TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
160.16.196.187 24 KD None 2021-06-14 00:00:00 2021-09-13 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=187,JP)
160.16.211.7 24 DT None 2021-03-08 00:00:00 2021-06-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=7,JP)
160.16.225.55 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=55,JP)
160.16.240.114 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=114,JP)
160.16.66.113 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None JP TO-S-2020-0331 Malicious Web Application Activity
160.16.85.117 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None JP TO-S-2020-0493 Malware Activity
160.16.97.202 24 DT None 2021-04-13 00:00:00 2021-07-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=202,JP)
160.177.13.56 24 RB None 2021-06-06 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt - 6hr web attacks (IP=56,MA)
160.177.13.56 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt - SourceFire (IP=56,MA)
160.177.186.192 24 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None SERVER-WEBAPP JBoss web console access - SourceFire (1:24342:4) (IP=192,MA)
160.177.186.192 24 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=192,MA)
160.177.186.192 24 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None SERVER-WEBAPP JBoss web console access - SourceFire (1:24342:4) (IP=192,MA)
160.177.186.192 24 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=192,MA)
160.178.241.236 24 UA None 2021-08-16 00:00:00 2021-11-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=236,MA)
160.178.80.115 24 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=115,MA)
160.2.245.53 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=53,US)
160.20.147.163 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None DE TO-S-2020-0592 Malware Activity
160.238.240.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
160.242.53.38 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=38,NA)
160.251.16.234 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=234,JP)
160.251.6.176 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=176,JP)
160.251.72.213 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=213,JP)
160.251.72.50 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=50,JP)
160.251.73.152 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=152,JP)
160.251.74.154 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=154,JP)
160.251.78.62 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=62,JP)
160.251.81.221 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=221,JP)
160.251.9.25 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None JP HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity
160.3.27.158 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=158,US)
160.86.180.200 24 KD None 2021-06-10 00:00:00 2021-09-09 00:00:00 None SERVER-WEBAPP Terramaster TOS command injection attempt- Web Attacks (IP=200,JP)
160.93.13.4 32 BB None 2021-07-13 00:00:00 2021-10-11 00:00:00 None SQL injection - Web Attacks (IP=4,US)
161.0.128.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,HT)
161.117.177.248 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SG Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity
161.117.186.96 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SG Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity
161.117.236.229 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SG Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity
161.117.248.42 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=42,SG)
161.129.64.124 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=124,NL)
161.129.67.221 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None NL TO-S-2020-0369 Malicious Email Activity
161.132.124.25 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks(IP=25,PE)
161.132.127.164 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=164,PE)
161.132.127.164 32 wmp None 2021-03-25 00:00:00 2021-06-25 00:00:00 None Palo Alto Suspicious Scan Activity (IP=164,PE)
161.132.127.164 32 wmp None 2021-03-25 00:00:00 2021-06-25 00:00:00 None Palo Alto Suspicious Scan Activity (IP=164,PE)
161.132.18.0 24 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=0,PE)
161.132.234.232 24 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=232,PE)
161.132.234.232 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=232,PE)
161.189.114.127 32 nab None 2021-02-12 00:00:00 2021-05-12 00:00:00 None HIVE Case #NA Mass Attempted Telnet (IP=127,CN)
161.189.170.47 24 BMP None 2021-04-10 00:00:00 2021-07-09 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=47,CN)
161.189.203.39 24 KH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=39,CN)
161.199.204.140 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=140,US)
161.200.194.3 24 KH None 2021-08-30 00:00:00 2021-11-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=3,TH)
161.230.76.137 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None PT TO-S-2020-0535 Malicious Email Activity
161.35.100.134 32 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=134,US)
161.35.100.134 32 AR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=134,US)
161.35.101.145 32 AR None 2021-06-25 00:00:00 2021-09-23 00:00:00 None RCC-CONUS HTTP_GET_Psble_F5TMUI_RCE_RC130840 - IR# 21C01370 (IP=145,US)
161.35.105.175 32 BMP None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - 6hr Web Attacks (IP=175,US)
161.35.106.114 32 KD None 2021-08-03 00:00:00 2021-11-01 00:00:00 None SQL 1 = 0 - possible sql injection attempt (1:19440:10) - Sourcefire (IP=114,US)
161.35.107.8 32 KD None 2021-08-10 00:00:00 2021-11-08 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - SourceFire (IP=8,US)
161.35.108.34 32 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=34,US)
161.35.109.148 32 AR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SQL injection - 6HR Web Attack (IP=148,US)
161.35.110.231 32 AR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SQL injection - 6HR Web Attack (IP=231,US)
161.35.111.118 32 RR None 2021-07-16 00:00:00 2021-10-14 00:00:00 None Command Injection (IP=118,US)
161.35.113.58 32 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=58,US)
161.35.114.224 32 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SQL injection - Web Attacks (IP=224,US)
161.35.115.213 32 DT None 2021-08-13 00:00:00 2021-11-11 00:00:00 None Microsoft Exchange CVE-2021-34473 Remote Code Execution - IPS Events (IP=213,US)
161.35.119.243 32 RB None 2021-04-19 00:00:00 2021-07-18 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=243,US)
161.35.119.55 32 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=55,US)
161.35.119.63 32 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=63,US)
161.35.12.143 32 BMP None 2021-05-06 00:00:00 2021-08-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=143,US) | updated by wmp Block expiration extended with reason Palo Alto Suspicious Scan Activity (IP=143,US) Palo Alto Suspicious Scan Activity (IP=143,US)
161.35.12.143 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=143,US) | updated by wmp Block expiration extended with reason Palo Alto Suspicious Scan Activity (IP=143,US) Palo Alto Suspicious Scan Activity (IP=143,US)
161.35.12.38 32 DT None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=38,US)
161.35.12.38 32 DT None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=38,US)
161.35.124.51 32 ABC None 2021-07-12 00:00:00 2021-10-10 00:00:00 None Command Injection (IP=51,US)
161.35.125.174 32 BMP None 2021-05-06 00:00:00 2021-08-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=174,US) | updated by wmp Block expiration extended with reason Palo Alto Suspicious Scan Activity (IP=174,US) Palo Alto Suspicious Scan Activity (IP=174,US)
161.35.125.174 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=174,US) | updated by wmp Block expiration extended with reason Palo Alto Suspicious Scan Activity (IP=174,US) Palo Alto Suspicious Scan Activity (IP=174,US)
161.35.131.229 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Rpt (IP=229,US)
161.35.136.121 32 UA None 2021-06-10 00:00:00 2021-09-10 00:00:00 None FireEye Web Alerts High Attacker Suspicious Scan Activity (IP=121,US)
161.35.136.97 32 UA None 2021-06-10 00:00:00 2021-09-10 00:00:00 None FireEye Web Alerts High Attacker Suspicious Scan Activity (IP=97,US)
161.35.143.69 32 wmp None 2021-01-26 00:00:00 2021-09-19 00:00:00 None Suspicious Scan Activity (IP=69,US) | updated by RR Block was inactive. Reactivated on 20210528 with reason SQL injection - Web Attacks (IP=69,US) SQL injection - Web Attacks (IP=69,US) | updated by RR Block expiration extended with reason SQL inject
161.35.143.69 32 RR None 2021-05-28 00:00:00 2021-09-19 00:00:00 None Suspicious Scan Activity (IP=69,US) | updated by RR Block was inactive. Reactivated on 20210528 with reason SQL injection - Web Attacks (IP=69,US) SQL injection - Web Attacks (IP=69,US) | updated by RR Block expiration extended with reason SQL inject
161.35.143.69 32 RR None 2021-06-21 00:00:00 2021-09-19 00:00:00 None Suspicious Scan Activity (IP=69,US) | updated by RR Block was inactive. Reactivated on 20210528 with reason SQL injection - Web Attacks (IP=69,US) SQL injection - Web Attacks (IP=69,US) | updated by RR Block expiration extended with reason SQL inject
161.35.144.106 32 RR None 2021-08-31 00:00:00 2021-11-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01701 (IP=106,US)
161.35.145.178 32 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01698 (IP=178,US)
161.35.145.197 32 DT None 2021-08-31 00:00:00 2021-11-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01703 (IP=197,NL)
161.35.147.0 24 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01698 (IP=0,US)
161.35.15.134 32 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=134,US)
161.35.152.147 32 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01698 (IP=147,US)
161.35.156.92 32 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=92,US)
161.35.157.253 32 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01698 (IP=253,US)
161.35.157.255 32 RR None 2021-08-31 00:00:00 2021-11-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01699 (IP=255,US)
161.35.158.176 32 RR None 2021-04-23 00:00:00 2021-07-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=176,US)
161.35.159.175 24 UA None 2021-08-15 00:00:00 2021-11-13 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=175,NL)
161.35.174.187 32 RW None 2020-10-28 00:00:00 2021-01-28 00:00:00 None Unauthorized Access-Probe // UDP: Host Sweep - TT# 21C00193 (IP=187,US)
161.35.175.90 24 RB None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=90,GB)
161.35.177.165 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - POST parameter (1:23631:7) - Sourcefire Rpt (IP=165,US)
161.35.178.0 24 KH None 2021-08-04 00:00:00 2021-11-02 00:00:00 None Self Report/ ColdFusion Error/Bulk IP Block - TT# 21C01516 (IP=0,US)
161.35.178.220 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt (1:44328:3) - Sourcefire Rpt (IP=220,US)
161.35.178.63 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL Injection - 6hr Web Attacks (IP=63,US)
161.35.179.225 32 wmp None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=225,US)
161.35.180.95 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL Injection - 6hr Web Attacks (IP=95,US)
161.35.181.141 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Sourcefire Rpt (IP=141,US)
161.35.181.144 32 SW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Web Attacks (IP=144,US)
161.35.181.151 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (1:54214:1) - Sourcefire Rpt (IP=151,US)
161.35.181.161 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP Apache Struts remote code execution attempt (1:47649:1) - Sourcefire Rpt (IP=161,US)
161.35.181.168 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - POST parameter (1:23631:7) - Sourcefire Rpt (IP=168,US)
161.35.181.173 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP Klog Server authenticate.php user command injection attempt (1:57492:1) - Sourcefire Rpt (IP=173,US)
161.35.181.186 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None POLICY-OTHER Adobe ColdFusion component browser access attempt (1:25977:3) - Sourcefire Rpt (IP=186,US)
161.35.181.205 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP Atlassian Jira makeRequest server side request forgery attempt (1:52406:1) - Sourcefire Rpt (IP=205,US)
161.35.181.212 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (1:51261:1) - Sourcefire Rpt (IP=212,US)
161.35.181.44 32 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=44,US)
161.35.183.15 32 DT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None SQL use of concat function with select - likely SQL injection (1:24172:2) - Source Fire (IP=15,US)
161.35.183.19 32 DT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (1:46898:1) - Source Fire (IP=19,US)
161.35.183.198 32 DT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None SERVER-WEBAPP Oracle-BI convert servlet XML external entity injection attempt (1:50773:1) - Source Fire (IP=198,US)
161.35.183.75 32 DT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Source Fire (IP=75,US)
161.35.184.185 32 RW None 2021-08-04 00:00:00 2021-11-02 00:00:00 None External IP scanning - Fireeye NX (IP=185,US)
161.35.186.0 24 KH None 2021-08-04 00:00:00 2021-11-02 00:00:00 None Self Report/ ColdFusion Error/Bulk IP Block - TT# 21C01516 (IP=0,US)
161.35.186.133 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt (1:57244:4) - Sourcefire Rpt (IP=133,US)
161.35.187.132 32 AR None 2021-06-30 00:00:00 2021-09-28 00:00:00 None SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt (1:50646:1) - SourceFire (IP=132,US)
161.35.187.191 32 RW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - SourceFire (IP=191,US)
161.35.187.246 32 AR None 2021-06-30 00:00:00 2021-09-28 00:00:00 None SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt (1:56990:1) - SourceFire (IP=246,US)
161.35.187.52 32 KH None 2021-06-30 00:00:00 2021-09-28 00:00:00 None SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - SourceFire (IP=52,US)
161.35.188.255 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL injection - 6hr Web Attacks (IP=255,US)
161.35.189.1 32 SW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=1,US)
161.35.189.105 32 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt - 6hr Web Attacks (IP=105,US)
161.35.190.58 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL injection - 6hr Web Attacks (IP=58,US)
161.35.196.33 32 KH None 2021-09-12 00:00:00 2021-12-11 00:00:00 None PHP File Inclusion Vulnerability - TT# 21C01830 (IP=33,US)
161.35.203.192 32 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=192,US)
161.35.204.152 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
161.35.207.89 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=89,DE)
161.35.208.217 32 CR None 2021-05-05 00:00:00 2021-08-05 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6 hr Web Attacks (IP=217,US)
161.35.208.88 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None HTTP: SQL Injection - Exploit - 6hr web attacks (IP=88,DE)
161.35.209.79 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=79,DE)
161.35.210.202 32 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=202,US)
161.35.211.1 32 BB None 2021-09-18 00:00:00 2021-12-17 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - IR# 21C01887 (IP=15, US)
161.35.211.219 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None Command Injection (IP=219,DE)
161.35.213.3 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=3,DE)
161.35.213.36 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=36,DE)
161.35.213.68 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=68,DE)
161.35.214.255 32 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Sourcefire (IP=255,US)
161.35.217.217 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=217,DE)
161.35.217.81 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=81,DE)
161.35.219.244 24 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=244,DE)
161.35.220.90 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=90,DE)
161.35.221.19 24 RW None 2021-05-01 00:00:00 2021-08-01 00:00:00 None SQL injection - Web attacks (IP=19,DE)
161.35.223.142 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None SQL injection - 6hr web attacks (IP=142,DE)
161.35.225.164 32 wmp None 2021-02-09 00:00:00 2021-05-09 00:00:00 None FireEye IPS Nuclei Vulnerability Scan Activity (IP=164,US)
161.35.27.226 24 EE None 2021-04-07 00:00:00 2021-07-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=226,DE)
161.35.32.91 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=91,GB)
161.35.37.57 24 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=57,GB)
161.35.38.190 32 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=190,US)
161.35.4.184 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
161.35.41.98 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=98,GB)
161.35.46.242 24 GM None 2021-04-03 00:00:00 2021-07-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=242,GB)
161.35.49.35 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=35,US)
161.35.51.23 32 AR None 2021-07-10 00:00:00 2021-10-08 00:00:00 None POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - SourceFire (IP=23,US)
161.35.54.68 32 BMP None 2021-05-06 00:00:00 2021-08-04 00:00:00 None SQL injection - 6hr Web Attacks (IP=68,US)
161.35.57.218 32 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SQL injection - Web Attacks (IP=218,US)
161.35.59.252 32 BMP None 2020-12-12 00:00:00 2021-03-12 00:00:00 None External Scanning - FireEye CMS (IP=252,US)
161.35.6.72 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=72,US)
161.35.61.42 32 BMP None 2021-05-06 00:00:00 2021-08-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=42,US) | updated by wmp Block expiration extended with reason Palo Alto Suspicious Scan Activity (IP=42,US) Palo Alto Suspicious Scan Activity (IP=42,US)
161.35.61.42 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=42,US) | updated by wmp Block expiration extended with reason Palo Alto Suspicious Scan Activity (IP=42,US) Palo Alto Suspicious Scan Activity (IP=42,US)
161.35.62.131 32 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=131,US)
161.35.63.176 32 FT None 2021-03-19 00:00:00 2021-06-19 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=176,US)
161.35.68.30 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
161.35.73.250 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
161.35.78.147 32 RR None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=147,US)
161.35.8.180 32 ZH None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SQL injection - 6hr web attacks (IP=180,US)
161.35.80.120 32 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01698 (IP=120,US)
161.35.80.44 32 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01698 (IP=44,US)
161.35.84.242 32 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01698 (IP=242,US)
161.35.88.218 32 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01698 (IP=218,US)
161.35.90.122 32 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01698 (IP=122,US)
161.35.92.244 32 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01698 (IP=244,US)
161.35.94.16 24 RW None 2021-04-11 00:00:00 2021-07-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=16,NL)
161.35.94.16 32 KD None 2021-06-02 00:00:00 2021-08-31 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=16,US)
161.35.94.16 32 KD None 2021-06-02 00:00:00 2021-08-31 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=16,US) SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=16,US)
161.35.95.250 32 RR None 2021-08-31 00:00:00 2021-11-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01691 (IP=250,US)
161.35.95.54 32 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=54,US)
161.35.98.183 24 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=183,US)
161.35.98.27 32 FT None 2021-04-25 00:00:00 2021-07-25 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01077 (IP=27,US)
161.35.98.27 32 FT None 2021-04-25 00:00:00 2021-07-25 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01077 (IP=27,US) HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01077 (IP=27,US)
161.49.120.66 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=66,PH)
161.52.178.130 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=130,SE)
161.53.93.125 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None HR TO-S-2020-0303 Malicious Email Activity
161.71.41.2 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=2,GB)
161.71.41.2 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=2,GB)
161.82.130.185 24 WR None 2021-07-12 00:00:00 2021-10-10 00:00:00 None Unauthorized Access-Probe - TT# 21C01406 (IP=185,TH)
161.97.102.240 32 RB None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - IR# 21C00565 (IP=240,DE)
161.97.107.18 32 wmp None 2021-02-17 00:00:00 2021-05-17 00:00:00 None Firepower Suspicious Scan Activity (IP=18,DE)
161.97.108.46 24 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=46,DE)
161.97.112.227 24 ABC None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Command Injection (IP=227,DE)
161.97.115.63 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=63,DE)
161.97.116.221 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
161.97.126.250 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity
161.97.127.183 24 WR None 2021-06-07 00:00:00 2021-09-07 00:00:00 None Unauthorized Access-Probe - TT# 21C01272 (IP=183,DE)
161.97.129.144 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None DE TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
161.97.133.240 24 DT None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=240,DE)
161.97.141.227 32 RR None 2021-09-07 00:00:00 2021-12-06 00:00:00 None SQL use of sleep function in HTTP header - likely SQL injection attempt - Web Attacks (IP=227,US)
161.97.143.62 32 wmp None 2021-03-05 00:00:00 2021-06-05 00:00:00 None McAfee Suspicious Scan Activity (IP=62,DE)
161.97.147.163 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None DE TO-S-2021-1007 Malware Activity
161.97.162.87 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=87,DE)
161.97.171.52 32 BMP None 2021-02-08 00:00:00 2021-05-09 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - IR# 21C00480 (IP=52,IN)
161.97.254.126 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
161.97.78.47 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
161.97.82.27 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
161.97.85.243 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
161.97.87.135 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=135,US)
162.0.209.107 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=107,US)
162.0.209.118 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=118,US)
162.0.209.154 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=154,US)
162.0.209.216 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
162.0.209.83 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=83,US)
162.0.211.140 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=140,US)
162.0.215.18 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=18,US)
162.0.215.214 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=214,US)
162.0.215.37 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=37,US)
162.0.215.55 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
162.0.216.45 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=45,US)
162.0.220.36 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=36,US)
162.0.222.100 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=100,US)
162.0.222.238 24 RR None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=238,CA)
162.0.223.136 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=136,US)
162.0.227.87 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
162.0.228.112 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity
162.0.229.12 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=12,CA) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=12,CA)
162.0.229.213 32 wmp None 2020-07-30 00:00:00 2021-09-17 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=213,CA) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity
162.0.229.216 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None CA TO-S-2021-0949 Hive Case 4363 Malicious Email Activity
162.0.229.249 32 wmp None 2020-07-30 00:00:00 2021-09-17 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=249,CA) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity
162.0.229.9 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=9,CA) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=9,CA)
162.0.229.90 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.0.231.127 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None CA TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.0.231.2 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
162.0.231.228 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None CA TO-S-2020-0750 Malicious Email Activity
162.0.232.167 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=167,US)
162.0.232.194 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.0.232.231 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=231,US)
162.0.232.50 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=50,US)
162.0.232.68 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.0.232.76 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=76,US)
162.0.233.113 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.0.235.144 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.0.235.15 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.0.235.200 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.0.235.237 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.0.235.46 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=46,US)
162.0.236.107 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.0.236.21 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.0.236.253 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=253,CA)
162.0.236.49 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.0.236.96 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.0.237.229 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.0.238.144 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.0.239.240 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=240,US)
162.119.150.172 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
162.125.8.1 32 JKC None 2021-06-08 00:00:00 2021-06-08 00:00:00 None Malicious IP Hive Case 2977 TIPPER 20-0172 (ip=1, US)
162.13.127.58 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
162.13.167.155 24 RR None 2020-12-30 00:00:00 2021-03-30 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - SourceFire (IP=155,GB) 162.133.133.75 32 RB None 2021-02-05 00:00:00 2021-05-06 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=75,US) | updated by BMP Block expiration extended with reason FTP Multiple Exploits - 6hr Web Attacks (IP=75,US) 162.142.125.0 24 RR None 2020-12-30 00:00:00 2021-04-01 00:00:00 None scanning activity against our CDAP server - - TT# 21C00378 (IP=0,US) 162.142.125.37 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=37,US) 162.142.125.38 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=38,US) 162.142.125.39 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=38,US) 162.142.125.40 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=40,US) 162.142.125.53 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=53,US) 162.142.125.54 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=54,US) 162.142.125.55 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=55,US) 162.142.125.56 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=56,US) 162.144.104.246 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 162.144.116.216 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.144.117.119 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=119,US) 162.144.119.148 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 162.144.12.145 32 wmp None 2020-09-22 00:00:00 2021-10-29 00:00:00 None 
HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=145,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.144.12.242 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=242,US) 162.144.123.107 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 162.144.135.237 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.144.158.101 32 RR None 2019-07-16 00:00:00 2021-02-20 00:00:00 None SQL HTTP URI blind injection attempt - 6hr Web Attacks (IP=101,US) | updated by dbc Block was inactive. Reactivated on 20200220 with reason US TO-S-2020-0303 Malicious Web Application Activity 162.144.159.205 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 162.144.17.41 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 162.144.18.74 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.144.180.15 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.144.180.16 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.144.180.19 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity 162.144.180.39 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.144.180.55 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=55,US) 162.144.181.236 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.144.181.27 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 
4166 Malicious Email Activity 162.144.20.14 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.144.20.200 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.144.203.213 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 162.144.232.209 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 162.144.233.92 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=92,US) 162.144.234.137 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=137,US) 162.144.234.50 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.144.236.41 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.144.237.49 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.144.238.134 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=134,US) 162.144.238.179 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=179,US) 162.144.238.185 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=185,US) 162.144.239.233 32 wmp None 2020-09-15 00:00:00 2021-10-21 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=233,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.144.249.154 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 162.144.252.48 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 
162.144.32.31 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 162.144.35.19 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity 162.144.37.219 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 162.144.38.214 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=214,US) 162.144.38.66 32 RR None 2018-07-24 05:00:00 2021-04-23 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=66,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 162.144.39.52 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.144.42.157 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 162.144.45.118 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 162.144.49.207 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 162.144.59.158 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 162.144.60.226 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.144.76.210 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.144.82.120 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 162.144.96.64 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 162.144.97.213 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.144.99.5 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 
(IP=5,US) 162.158.119.126 24 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=126,JP) 162.158.88.95 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CZ TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 162.159.135.233 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 162.159.210.20 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.209.163.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CN TO-S-2020-0303 Malicious Email Activity 162.209.181.193 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 162.210.102.233 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.210.102.34 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 162.210.102.39 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.210.192.159 32 RB None 2020-08-24 00:00:00 2021-12-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 20C03762 (IP=159,US) | updated by dbc Block was inactive. Reactivated on 20201218 with reason US TO-S-2021-1007 Malware Activity 162.210.193.205 32 NAB None 2021-01-07 00:00:00 2021-09-22 00:00:00 None HIVE Case #NA FP Security (IP=205,US) | updated by NAB Block expiration extended with reason HIVE Case #NA FP Security (IP=205,US) | updated by CR Block was inactive. 
Reactivated on 20210622 with reason HIVE FP Security (IP=205,US) 162.210.195.122 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.210.196.171 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 162.210.196.173 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.210.198.130 32 DT None 2021-04-09 00:00:00 2021-07-08 00:00:00 None HTTP: PHP-FPM Remote Code Execution Vulnerability (CVE-2019-11043) - TT# 21C00989 (IP=130,US) 162.210.96.122 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 162.213.121.194 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=194,US) 162.213.250.84 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.213.251.105 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 162.213.251.110 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=110,US) 162.213.251.199 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 162.213.251.211 32 wmp None 2020-09-16 00:00:00 2021-10-21 00:00:00 None HIVE Case #3904 COLS-NA-TIP-20-0292 (IP=211,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.213.251.80 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=80,US) 162.213.253.115 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.213.253.14 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 162.213.253.15 32 
dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 162.213.253.222 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 162.213.255.13 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.213.255.53 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 162.214.1.47 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.214.105.169 32 wmp None 2020-06-19 00:00:00 2021-08-24 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=169,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0750 Malicious Email Activity 162.214.106.136 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.214.107.228 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=228,US) 162.214.108.181 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.214.108.83 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=83,US) 162.214.109.203 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 162.214.116.235 32 wmp None 2020-06-19 00:00:00 2021-08-24 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=235,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0750 Malicious Email Activity 162.214.117.245 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 162.214.117.84 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 162.214.119.0 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,US) 
162.214.119.213 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=213,US) 162.214.119.40 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=40,US) 162.214.125.18 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=18,US) 162.214.145.117 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.214.148.107 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 162.214.148.183 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.214.153.204 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 162.214.160.175 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.214.160.30 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.214.162.141 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 162.214.162.2 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 162.214.163.76 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 162.214.168.198 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=198,US) 162.214.169.169 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 162.214.171.40 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 162.214.173.155 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email 
Activity 162.214.175.33 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 162.214.194.232 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=232,US) 162.214.194.25 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 162.214.195.66 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=66,US) 162.214.197.141 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=141,US) 162.214.197.59 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 162.214.208.247 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=247,US) 162.214.209.52 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 162.214.209.64 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 162.214.213.3 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=3,US) 162.214.29.236 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 162.214.48.210 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 162.214.49.244 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malicious Email Activity 162.214.53.26 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=26,US) 162.214.55.148 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 162.214.55.173 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 162.214.55.208 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious 
Email Activity 162.214.65.68 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 162.214.66.81 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity 162.214.66.9 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=9,US) 162.214.67.92 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.214.68.171 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 162.214.69.45 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 162.214.7.197 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 162.214.72.58 32 wmp None 2020-08-17 00:00:00 2021-10-08 00:00:00 None HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=58,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=58,US) 162.214.75.104 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 162.214.75.114 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 162.214.75.129 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 162.214.75.189 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 162.214.76.208 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=208,US) 162.214.76.39 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 162.214.77.46 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.214.78.121 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 
Malicious Email Activity 162.214.80.24 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.214.80.79 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=79,US) 162.214.89.84 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=84,US) 162.214.92.22 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 162.214.94.233 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=233,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=233,US) 162.214.94.29 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.214.95.199 32 wmp None 2020-07-10 00:00:00 2021-08-24 00:00:00 None HIVE Case #3270 COLS-NA-TIP-20-0210 (IP=199,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0750 Malicious Email Activity 162.215.248.152 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=152,US) 162.215.248.163 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 162.215.248.46 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.215.252.26 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 162.215.253.205 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 162.215.253.97 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 162.215.254.72 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.215.255.54 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US 
TO-S-2020-0459 Malware Activity 162.216.113.45 32 BMP None 2021-02-08 00:00:00 2021-05-09 00:00:00 None FireEye CMS IPs (IP=45,US) 162.216.142.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=0,IN) 162.216.17.191 32 ZH None 2021-07-24 00:00:00 2021-10-22 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01477 162.216.19.69 32 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=69,US) 162.216.241.44 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=44,US) 162.217.96.153 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 162.219.178.26 24 ZH None 2021-08-19 00:00:00 2021-11-17 00:00:00 None SERVER-OTHER Cisco IOS truncated NTP packet processing denial of service attempt (3:39878:4) - Sourcefire Rpt (IP=26,CA) 162.219.249.105 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 162.219.250.43 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 162.220.162.122 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 162.220.162.40 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 162.221.185.10 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=10,US) 162.221.185.250 32 wmp None 2020-08-25 00:00:00 2021-10-08 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=250,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=250,US) 162.221.187.186 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=186,US) 162.221.188.131 32 NAB None 2021-04-30 00:00:00 2021-10-30 
00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=131,US) 162.221.192.26 32 RR None 2021-06-11 00:00:00 2021-12-18 00:00:00 None : HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 21C01287 (IP=26,US) | updated by BB Block was inactive. Reactivated on 20210919 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01897 (IP=26, US) 162.221.95.49 32 BMP None 2021-02-13 00:00:00 2021-05-13 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - IR# 21C00495 (IP=49,US) 162.222.213.197 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.222.215.168 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 162.222.89.252 32 RB None 2021-01-10 00:00:00 2021-04-10 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=252,US) 162.238.111.212 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=212,US) 162.240.3.103 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=103,US) 162.240.4.251 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=251,US) 162.240.4.252 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=252,US) 162.240.7.167 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=167,US) 162.241.105.130 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 162.241.106.20 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.241.108.158 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 162.241.108.68 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email 
Activity
162.241.114.112 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
162.241.114.155 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
162.241.114.156 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
162.241.114.161 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.241.114.200 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=200,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=200,US)
162.241.114.202 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.114.204 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.114.208 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
162.241.114.230 32 wmp None 2020-07-02 00:00:00 2021-09-01 00:00:00 None HIVE Case #3190 COLS-NA-TIP-20-0200 (IP=230,US) | updated by dbc Block expiration extended with reason US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity
162.241.114.48 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=48,US)
162.241.114.65 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity
162.241.114.89 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity
162.241.115.105 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity
162.241.115.13 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.115.135 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
162.241.115.157 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.115.186 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.115.217 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=217,US)
162.241.115.237 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=237,US)
162.241.115.69 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.115.7 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity
162.241.115.71 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.241.115.95 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=95,US)
162.241.116.110 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=110,US)
162.241.117.133 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
162.241.117.173 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.241.117.18 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=18,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=18,US)
162.241.117.239 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.117.251 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.117.53 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.117.79 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.120.106 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.120.117 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity
162.241.120.162 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=162,US)
162.241.120.184 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.241.120.212 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.241.120.232 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.120.238 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=238,US)
162.241.120.40 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.120.44 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=44,US) | updated by wmp Block expiration extended with reason HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=44,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=44,US)
162.241.121.106 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.241.121.11 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity
162.241.121.128 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
162.241.121.197 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
162.241.121.207 32 wmp None 2020-08-20 00:00:00 2021-09-29 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=207,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0838 Malicious Email Activity
162.241.121.214 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=214,US)
162.241.121.230 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity
162.241.121.52 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity
162.241.121.66 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
162.241.123.34 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.124.107 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=107,US)
162.241.124.111 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.124.123 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.124.127 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
162.241.124.132 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=132,US)
162.241.124.155 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.241.124.173 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.124.184 32 wmp None 2020-09-11 00:00:00 2021-10-21 00:00:00 None HIVE Case #3845 COLS-NA-TIP-20-0289 (IP=184,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.124.195 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.241.124.231 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=231,US)
162.241.124.236 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=236,US)
162.241.124.46 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
162.241.125.120 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.125.125 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.125.129 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=129,US)
162.241.125.130 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.125.150 32 wmp None 2020-09-03 00:00:00 2021-10-08 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=150,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=150,US)
162.241.125.161 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.241.125.171 32 wmp None 2020-09-03 00:00:00 2021-10-08 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=171,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=171,US)
162.241.125.173 32 wmp None 2020-09-03 00:00:00 2021-10-21 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=173,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
162.241.125.176 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=176,US)
162.241.125.179 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=179,US)
162.241.125.19 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
162.241.125.221 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=221,US)
162.241.125.225 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.125.234 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=234,US)
162.241.125.30 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.125.76 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.126.109 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.241.126.150 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.241.126.176 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.241.126.181 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity
162.241.126.195 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=195,US)
162.241.126.231 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.241.126.242 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.241.126.244 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.241.126.50 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
162.241.127.12 32 NAB None 2020-10-30 00:00:00 2021-11-03 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=12,US) | updated by dbc Block expiration extended with reason US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.127.123 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.127.124 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity
162.241.127.152 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.127.158 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity
162.241.127.202 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=202,US)
162.241.127.77 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.241.127.98 32 BMP None 2021-05-10 00:00:00 2021-08-08 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr Web Attacks (CVE-2017-9841) (IP=98,US)
162.241.137.137 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
162.241.137.197 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=197,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=197,US)
162.241.138.82 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
162.241.140.54 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.241.141.88 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=88,US)
162.241.143.7 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.148.10 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.148.163 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.148.226 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity
162.241.148.36 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=36,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=36,US)
162.241.149.208 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity
162.241.149.38 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.241.154.46 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=46,US)
162.241.156.188 32 wmp None 2020-09-03 00:00:00 2021-10-21 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=188,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.158.22 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity
162.241.159.36 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=36,US)
162.241.169.23 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=23,US)
162.241.171.138 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.174.102 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity
162.241.174.213 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=213,US)
162.241.174.48 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
162.241.174.71 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
162.241.174.95 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.241.175.131 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=131,US)
162.241.175.18 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
162.241.175.201 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
162.241.188.220 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
162.241.188.29 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=29,US)
162.241.190.216 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=216,US)
162.241.190.39 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=39,US)
162.241.194.167 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=167,US)
162.241.2.146 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=146,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=146,US)
162.241.2.162 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity
162.241.2.171 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.2.19 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=19,US)
162.241.2.243 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity
162.241.2.30 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity
162.241.2.34 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
162.241.2.44 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=44,US)
162.241.200.38 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malware Activity
162.241.200.47 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.201.239 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
162.241.201.243 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=243,US)
162.241.201.68 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=68,US)
162.241.201.89 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
162.241.203.21 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
162.241.203.231 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
162.241.203.236 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity
162.241.203.37 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
162.241.203.42 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=42,US)
162.241.203.45 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
162.241.203.50 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.241.203.86 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
162.241.207.240 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=240,US)
162.241.209.153 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=153,US)
162.241.209.69 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity
162.241.216.158 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
162.241.217.225 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.218.109 32 wmp None 2020-08-31 00:00:00 2021-10-29 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=109,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.218.13 32 GM None 2020-03-13 00:00:00 2021-05-07 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=13,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0493 Malware Activity
162.241.218.136 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=136, US)
162.241.218.160 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
162.241.218.232 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
162.241.218.238 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
162.241.219.155 32 GM None 2019-02-10 00:00:00 2021-10-29 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=155,US) | updated by dbc Block was inactive. Reactivated on 20201029 with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.219.164 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.219.173 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
162.241.219.59 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity
162.241.222.107 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.222.192 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity
162.241.222.42 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=42,US)
162.241.222.70 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=70,US)
162.241.222.86 32 dbc None 2020-05-13 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity | updated by dbc Block expiration extended with reason Unaffiliated TO-S-2020-0601 Malicious Email Activity
162.241.224.38 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=38,US)
162.241.225.138 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
162.241.225.150 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.225.162 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=162,US)
162.241.225.30 32 wmp None 2020-08-05 00:00:00 2021-09-17 00:00:00 None HIVE Case #3479 COLS-NA-TIP-20-0246 (IP=30,US) | updated by wmp Block expiration extended with reason HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=30,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity
162.241.225.45 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity
162.241.225.51 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.225.54 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=54,US)
162.241.225.63 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.225.90 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.241.226.136 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
162.241.226.160 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
162.241.226.40 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.241.232.23 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
162.241.24.200 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=200,US)
162.241.24.62 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=62,US)
162.241.24.71 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=71,US)
162.241.241.140 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity
162.241.242.173 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=173,US)
162.241.243.209 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
162.241.244.141 32 wmp None 2020-09-22 00:00:00 2021-11-03 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=141,US) | updated by dbc Block expiration extended with reason US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.244.16 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=16,US)
162.241.252.104 32 wmp None 2020-07-17 00:00:00 2021-09-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=104,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity
162.241.252.134 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
162.241.252.53 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
162.241.253.120 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=120,US)
162.241.253.180 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=180,US)
162.241.253.216 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.26.10 32 JKC None None 2021-08-24 00:00:00 None TIPPR19-0140 (IP=10, US) | updated by dbc with reason US TO-S-2019-0626.01 Malicious Email Activity | updated by WR Block was inactive. Reactivated on 20210526 with reason INDICATOR-OBFUSCATION obfuscated
162.241.27.21 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=21,US)
162.241.27.33 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity
162.241.27.89 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity
162.241.29.113 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=113,US)
162.241.29.134 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=134,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=134,US)
162.241.29.149 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=149,US)
162.241.29.166 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
162.241.3.15 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=15,US)
162.241.3.35 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.3.4 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=4,US)
162.241.34.180 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.40.150 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
162.241.47.157 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity
162.241.47.47 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
162.241.47.62 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.241.50.38 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity
162.241.60.125 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.60.183 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.60.213 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.60.254 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=254,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=254,US)
162.241.60.30 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=30,US)
162.241.61.219 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=219,US)
162.241.61.244 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.61.84 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.241.65.149 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
162.241.65.172 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.65.40 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malware Activity
162.241.65.73 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
162.241.65.74 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=74,US)
162.241.65.79 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity
162.241.67.182 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
162.241.67.187 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
162.241.67.201 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=201,US)
162.241.67.214 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=214,US)
162.241.67.242 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=242,US)
162.241.67.32 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
162.241.67.89 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity
162.241.69.141 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=141,US)
162.241.69.226 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=226,US)
162.241.69.86 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=86,US)
162.241.70.123 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=123, US)
162.241.70.130 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity
162.241.70.180 32 dbc None 2020-05-13 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity | updated by dbc Block expiration extended with reason Unaffiliated TO-S-2020-0601 Malicious Email Activity
162.241.70.199 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.70.208 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=208,US)
162.241.70.217 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None US TO-S-2020-0236 Malicious Email Activity
162.241.70.89 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=89,US)
162.241.71.170 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.71.252 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
162.241.71.33 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=33,US)
162.241.71.38 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
162.241.71.86 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=86,US)
162.241.73.112 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
162.241.74.163 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
162.241.78.229 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.241.80.15 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=15,US)
162.241.80.6 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
162.241.85.103 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=103,US)
162.241.85.112 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=112,US)
162.241.85.120 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
162.241.85.21 32 wmp None 2020-09-16 00:00:00 2021-10-21 00:00:00 None HIVE Case #3904 COLS-NA-TIP-20-0292 (IP=21,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.85.218 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
162.241.85.65 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.85.66 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=66,US)
162.241.85.85 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
162.241.87.145 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=145,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=145,US)
162.241.87.153 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
162.241.87.156 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=156,US)
162.241.87.207 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=207,US)
162.241.87.212 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.87.46 32 wmp None 2020-07-21 00:00:00 2021-09-17 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=46,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity
162.241.87.74 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=74,US)
162.241.87.79 32 wmp None 2020-08-17 00:00:00 2021-10-08 00:00:00 None HIVE Case #3559 COLS-NA-TIP-20-0258 (IP=79,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=79,US)
162.241.87.82 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.241.87.99 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
162.241.89.50 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=50,US)
162.241.92.194 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=194,US)
162.243.1.231 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity
162.243.13.195 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
162.243.166.170 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
162.243.175.177 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SQL injection - 6hr Web Attacks (IP=177,US)
162.243.175.196 32 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=196,US)
162.243.175.33 32 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=33,US) | updated by RR Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=33,US) HTTP: PHPUnit Remote Code E
162.243.175.33 32 RW None 2021-04-11 00:00:00 2021-08-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=33,US) | updated by RR Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=33,US) HTTP: PHPUnit Remote Code E
162.243.187.129 32 GM None 2020-12-20 00:00:00 2021-03-20 00:00:00 None Masscan TCP Port Scanner - FireEye CMS (IP=129,US)
162.244.125.164 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=164,US)
162.244.253.253 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity
162.244.81.151 32 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=151,US)
162.245.236.19 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=19,US)
162.246.116.201 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=201,US)
162.246.20.210 32 CR None 2018-09-21 05:00:00 2021-04-23 00:00:00 None SQL 1 = 1 - possible sql injection attempt, (IP=210,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity
162.246.22.20 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=20,US)
162.248.150.134 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=134,US)
162.248.164.40 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None CA TO-S-2020-0419 Malware Activity
162.248.246.182 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
162.248.46.58 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PR TO-S-2020-0331 Malicious Web Application Activity
162.249.125.84 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
162.249.127.160 32 NAB None 2021-01-07 00:00:00 2021-12-26 00:00:00 None HIVE Case #NA FP Security (IP=160,US) | updated by JKC Block was inactive. Reactivated on 20210927 with reason HIVE Case #NA FP Security/CIO Policy (IP=160,US)
162.249.2.226 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
162.249.220.190 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity
162.250.120.139 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=139,US)
162.250.127.142 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=142,US)
162.251.60.132 32 KH None 2021-06-30 00:00:00 2021-09-28 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - web attacks (IP=132,US)
162.251.80.13 32 RR None 2020-08-13 00:00:00 2021-10-30 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - SourceFire (IP=13,US) | updated by NAB Block was inactive.
Reactivated on 20210430 with reason HIVE Case #5320 TO-S-21-1247 (IP=13,US) 162.251.85.146 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 162.251.85.205 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 162.251.85.72 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=72,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=72,US) 162.251.85.8 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.252.242.51 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=51,CA) 162.252.82.220 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 162.252.82.30 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity 162.253.125.200 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.253.128.82 24 FT None 2021-04-14 00:00:00 2021-07-13 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) Attempted Denial of Service - Sourcefire (IP=82,CN) 162.253.128.82 32 wmp None 2021-04-17 00:00:00 2021-07-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=82,CA) 162.253.155.226 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity 162.253.224.15 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.254.150.34 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.254.150.6 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 162.254.158.161 32 GLM None 2021-04-03 00:00:00 
2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=161,US) 162.255.1.26 32 GM None 2020-12-27 00:00:00 2021-03-27 00:00:00 None SSH User Authentication Brute Force Attempt - Failed Logons (IP=26,US) 162.255.116.226 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 162.255.119.101 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 162.255.119.102 32 wmp None 2020-09-25 00:00:00 2021-11-03 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=102,US) | updated by dbc Block expiration extended with reason US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 162.255.119.103 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity 162.255.119.113 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity 162.255.119.123 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=123,US) 162.255.119.140 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 162.255.119.153 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity 162.255.119.166 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity 162.255.119.227 32 wmp None 2020-07-17 00:00:00 2021-09-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=227,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity 162.255.119.250 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 162.255.119.33 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=33,US) 162.255.119.42 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 162.255.119.49 32 NAB None 2021-04-05 00:00:00 2021-07-04 
00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=49,US) 162.255.119.54 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.255.119.61 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity 162.255.119.86 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity 162.255.165.13 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 162.255.202.246 32 UA None 2021-09-13 00:00:00 2021-12-12 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01805 (IP=246,US) 162.55.221.172 24 KD None 2021-08-24 00:00:00 2021-11-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=172,DE) 162.62.11.128 24 DT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=128,RU) 162.62.14.0 23 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity 162.62.14.12 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=12,RU) 162.62.15.22 24 RB None 2019-07-03 00:00:00 2021-09-21 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_SourceFire (IP=22,RU) | updated by BMP Block was inactive. Reactivated on 20210623 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sou 162.62.15.22 24 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_SourceFire (IP=22,RU) | updated by BMP Block was inactive. 
Reactivated on 20210623 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sou 162.62.16.194 24 ZH None 2021-06-12 00:00:00 2021-09-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=194,RU) 162.62.16.194 24 ZH None 2021-06-12 00:00:00 2021-09-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=194,RU) 162.62.17.42 24 SW None 2021-05-21 00:00:00 2021-08-20 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=42,SG) 162.62.174.195 24 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=195,RU) 162.62.175.211 24 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=211,RU) 162.62.176.7 24 DT None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=7,RU) 162.62.178.4 24 RW None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=4,RU) 162.62.179.162 24 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=162,RU) 162.62.18.0 23 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity 162.62.181.151 24 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=151,RU) 162.62.20.238 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=238,RU) 162.62.209.10 24 RW None 2021-06-29 
00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=10,DE) 162.62.213.20 24 RW None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=20,DE) 162.62.214.110 24 DT None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=110,DE) 162.62.219.224 32 UA None 2021-09-29 00:00:00 2021-12-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=224,DE) 162.62.26.207 24 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=207,RU) 162.62.33.143 24 KH None 2021-07-30 00:00:00 2021-10-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=143,RU) 162.62.7.146 24 BMP None 2021-08-08 00:00:00 2021-11-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=146,RU) 162.62.8.62 24 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=62,SG) 162.62.9.16 24 RW None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=16,RU) 162.62.9.75 24 UA None 2021-09-29 00:00:00 2021-12-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=75,RU) 163.116.133.118 32 BMP None 2021-02-11 00:00:00 2021-05-11 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=118,US) 163.125.156.23 32 wmp None 2021-04-20 00:00:00 2021-07-20 00:00:00 None Palo Alto Suspicious Scan Activity (IP=23,CN) 163.125.200.53 32 wmp 
None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=53,CN) 163.125.205.218 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=218,CN) 163.158.142.180 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malicious Email Activity 163.164.18.5 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=5,GB) 163.172.100.23 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 163.172.108.97 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=97,FR) 163.172.117.90 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None FR TO-S-2020-0805 Malicious Email Activity 163.172.130.113 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None FR TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 163.172.136.226 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 163.172.161.87 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=87,FR) 163.172.164.105 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks(IP=105,FR) 163.172.186.112 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity 163.172.190.160 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None FR TO-S-2020-0303 Malicious Web Application Activity 163.172.199.40 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malicious Email Activity 163.172.203.31 24 EE None 2021-03-12 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=31,FR) 163.172.212.166 24 KD None 2021-07-14 00:00:00 2021-10-12 00:00:00 None Unauthorized 
Access-Probe- TT# 21C01442 (IP=166,NL) 163.172.212.166 24 KD None 2021-07-14 00:00:00 2021-10-12 00:00:00 None Unauthorized Access-Probe- TT# 21C01442 (IP=166,NL) Unauthorized Access-Probe- TT# 21C01442 (IP=166,NL) 163.172.212.180 32 EE None 2021-03-10 00:00:00 2021-06-08 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00666 (IP=180,NL) 163.172.212.180 32 EE None 2021-03-10 00:00:00 2021-06-08 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00666 (IP=180,NL) HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00666 (IP=180,NL) 163.172.220.146 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None ArcSight ESM High Attacker (IP=146,NL) 163.172.226.80 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity 163.172.234.215 32 wmp None 2021-02-10 00:00:00 2021-05-10 00:00:00 None Firepower Suspicious Scan Activity (IP=215,FR) 163.172.29.30 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00575 (IP=30,FR) 163.172.42.220 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malware Activity 163.172.45.32 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None FR TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 163.172.75.153 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None FR TO-S-2020-0698 Malware Activity 163.172.89.39 24 SW None 2021-08-25 00:00:00 2021-11-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - WebAttacks (IP=39, FR) 163.179.171.138 32 wmp None 2021-04-28 00:00:00 2021-07-28 00:00:00 None Palo Alto Suspicious Scan Activity (IP=138,CN) 163.179.171.138 32 wmp None 2021-04-28 00:00:00 2021-07-28 00:00:00 None Palo Alto Suspicious Scan Activity (IP=138,CN) 163.191.83.131 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=131,US) 163.197.192.118 32 
TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 163.197.225.229 32 wmp None 2020-10-22 00:00:00 2021-01-20 00:00:00 None HIVE Case #4172 CTO-20-295 (IP=229,US) 163.204.137.58 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None Generic URI Injection wget Attempt - Sourcefire (IP=58,CN) 163.43.128.105 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=105,CN) 163.43.193.80 24 DT None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=80,JP) 163.44.128.0 19 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None SG TO-S-2020-0750 Malicious Email Activity 163.44.136.225 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 163.44.185.241 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=241,JP) 163.44.185.241 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=241,JP) 163.44.57.243 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None JP Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 163.47.124.54 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None AU TO-S-2020-0838 Malicious Email Activity 163.47.148.187 24 BMP None 2021-03-07 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - SourceFire (IP=187,NP) | updated by RB Block expiration extended with reason SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution at 163.47.148.187 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - SourceFire (IP=187,NP) | updated by RB Block expiration extended with reason SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution at 
163.47.172.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KH TO-S-2020-0303 Malicious Email Activity 163.53.180.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BD TO-S-2020-0331 Malicious Web Application Activity 163.53.185.198 24 RW None 2021-07-23 00:00:00 2021-10-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=198,ID) 163.53.196.0 22 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None KH TO-S-2020-0459 Malware Activity 163.53.208.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 163.53.25.138 24 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - Sourcefire (IP=138,NP) 163.53.25.138 24 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - Sourcefire (IP=138,NP) 163.53.25.138 24 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - Sourcefire (IP=138,NP) 164.115.23.113 24 RR None 2020-11-15 00:00:00 2021-02-13 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=113,TH) 164.115.42.200 24 GM None 2020-11-01 00:00:00 2021-02-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=200,TH) 164.115.43.173 24 GM None 2020-12-08 00:00:00 2021-03-08 00:00:00 None Masscan TCP Port Scanner - FireEye CMS (IP=173,TH) 164.132.116.247 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None FR TO-S-2020-0535 Malware Activity 164.132.164.162 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=162,FR) 164.132.177.1 24 UA None 2021-05-31 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP Drupal unsafe - Exploit - Web Attacks (IP=1,FR) | updated by RR Block expiration extended with reason SERVER-WEBAPP Drupal unsafe internal attribute remote code execution 
attempt - SourceFire (IP=1,FR) 164.132.201.204 32 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None Unauthorized Access-Probe - TT # 21C00545 (IP=204,FR) 164.132.201.87 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 164.132.235.17 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None FR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 164.132.34.79 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=79,FR) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=79,FR) 164.132.63.221 32 DT None 2020-10-07 00:00:00 2021-01-07 00:00:00 None Unauthorized Access-Probe // UDP: Host Sweep - TT # 21C00047 (IP=221,UK) 164.132.74.98 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 164.132.74.98 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 164.132.77.139 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None FR TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 164.138.210.100 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=100,ES) 164.138.210.100 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None ES Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 164.151.137.226 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 164.155.74.214 32 RW None 2020-12-15 00:00:00 2021-03-15 00:00:00 None Hello Peppa Scan - Fireeye IPS (IP=214,US) 164.155.74.40 32 GM None 2020-11-05 00:00:00 2021-02-05 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Sourcefire (IP=40,US) 164.155.91.55 32 DT None 2021-04-22 00:00:00 2021-07-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=117,US) 164.160.4.0 22 dbc None 2020-03-04 00:00:00 
2021-03-04 00:00:00 None UG TO-S-2020-0331 Malicious Web Application Activity 164.163.172.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity 164.215.32.0 21 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None FI Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 164.52.146.11 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 164.52.146.19 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 164.52.24.162 32 wmp None 2021-06-29 00:00:00 2021-09-29 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=162,CN) 164.58.224.38 32 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=38,US) 164.68.103.237 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity 164.68.105.158 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=158,DE) 164.68.112.178 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None DE TO-S-2020-0369 Malicious Email Activity 164.68.118.95 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=95,DE) 164.68.120.168 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malware Activity 164.68.121.224 32 wmp None 2020-09-22 00:00:00 2021-10-29 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=224,DE) | updated by dbc Block expiration extended with reason DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 164.68.122.0 23 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=0,DE) 164.68.124.174 32 TLM None 2021-09-14 00:00:00 2021-12-13 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=174,DE) 164.68.125.155 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 
TO-S-2020-0859 (IP=155,DE) 164.68.126.82 24 KD None 2021-07-29 00:00:00 2021-10-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- 6Hr Web Attacks (IP=82,DE) | updated by BB Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=82,DE) 164.68.127.237 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=237,DE) 164.70.64.233 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=233,JP) 164.73.142.222 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None UY TO-S-2020-0298 Malicious Email Activity 164.77.111.60 24 BMP None 2021-03-07 00:00:00 2021-06-07 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - 6hr Web Attacks (IP=60,CL) 164.88.127.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ZA) 164.90.128.98 32 RW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - SourceFire (IP=98,US) 164.90.135.165 32 RR None 2021-07-16 00:00:00 2021-10-14 00:00:00 None Self Report / coldFusion Errors - TT# 21C01454 (IP=165,US) 164.90.135.178 32 RT None 2021-07-17 00:00:00 2021-10-15 00:00:00 None Google Chrome XSSAuditor Policy ByPass - FireEye IPS (IP=178,US) 164.90.135.180 32 RR None 2021-07-16 00:00:00 2021-10-14 00:00:00 None Self Report / coldFusion Errors - TT# 21C01454 (IP=180,US) 164.90.135.73 32 RR None 2021-07-16 00:00:00 2021-10-14 00:00:00 None Self Report / coldFusion Errors - TT# 21C01454 (IP=73,US) 164.90.136.152 32 RW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=152,US) 164.90.139.163 32 RW None 2021-07-17 00:00:00 2021-10-15 00:00:00 None Google Chrome XSSAuditor Policy ByPass - Fireeye IPS (IP=163,US) 164.90.139.229 32 RW None 2021-07-17 00:00:00 2021-10-15 00:00:00 None Google Chrome XSSAuditor Policy ByPass - Fireeye IPS (IP=229,US) 
164.90.140.70 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL Injection - 6hr Web Attacks (IP=70,US) 164.90.140.81 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL Injection - 6hr Web Attacks (IP=81,US) 164.90.140.86 32 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=86,US) 164.90.142.24 24 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Multiple SQL Injection attempts across address space - 6hr Web Attacks (IP=24,US) 164.90.144.203 32 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=203,US) 164.90.147.43 32 wmp None 2021-02-10 00:00:00 2021-05-10 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=43,US) 164.90.148.224 32 RB None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=224,US) 164.90.154.11 32 BMP None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=11,US) 164.90.156.178 32 RR None 2020-11-25 00:00:00 2021-02-25 00:00:00 None MALWARE-OBJECT - Case 4376 (IP=178,US) 164.90.156.79 24 RR None 2021-05-20 00:00:00 2021-08-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - SourceFire (IP=79,US) 164.90.156.79 32 DT None 2021-04-05 00:00:00 2021-08-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=79,US) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=79,US) 164.90.160.252 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Webshell.Binary.php.FEC2 (IP=252,DE) 164.90.163.250 32 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None SERVER-WEBAPP SolarWinds Orion authentication bypass attempt - 6 hr failed logons (IP=250,US) 164.90.163.76 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report 
CTO 20-172 malicious callback IP (ip=243,CA) 167.114.158.180 32 BMP None 2020-12-13 00:00:00 2021-03-13 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00285 (IP=180,NL) 167.114.161.117 32 RW None 2019-10-30 00:00:00 2021-05-07 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C00739 (IP=117,US) | updated by dbc Block was inactive. Reactivated on 20200507 with reason CA TO-S-2020-0493 Malware Activity 167.114.163.236 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=236,CA) 167.114.169.17 32 GM None 2020-03-05 00:00:00 2021-10-29 00:00:00 None Known Attack Tool User Agent/TTP: Masscan Scanner Traffic Detected - TT# 20C01981 (IP=17,US) | updated by dbc Block was inactive. Reactivated on 20201029 with reason CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 167.114.173.2 32 BMP None 2020-12-22 00:00:00 2021-03-22 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT #21C00369 (IP=2,CA) 167.114.173.23 32 BMP None 2020-12-22 00:00:00 2021-03-22 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT #21C00368 (IP=23,CA) 167.114.179.225 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CA TO-S-2021-1007 Malware Activity 167.114.190.47 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None CA TO-S-2020-0369 Malicious Email Activity 167.114.213.199 19 CJC None 2020-12-13 00:00:00 2021-12-13 00:00:00 None Hive Case # 4481 - FireEye Blog IP related to SunBurst Backdoor (IP=199,CA) 167.114.234.52 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 167.131.109.105 32 RWB None 2019-10-24 00:00:00 2021-12-06 00:00:00 None FTPP_FTP_RESPONSE_LENGTH_OVERFLOW - sourcefire (IP=105,US) | updated by UA Block was inactive. 
Reactivated on 20210907 with reason FTPP_FTP_RESPONSE_LENGTH_OVERFLOW (125:6:2) - Sourcefire (IP=105,US) 167.160.184.54 32 BMP None 2020-12-15 00:00:00 2021-03-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=54,US) 167.172.100.153 32 CR None 2021-05-04 00:00:00 2021-08-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=153,US) 167.172.100.246 24 RB None 2021-05-16 00:00:00 2021-08-14 00:00:00 None Hive Case #5415 (IP=246,DE) 167.172.100.62 32 CR None 2021-05-04 00:00:00 2021-08-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=62,US) 167.172.101.50 24 RR None 2021-05-01 00:00:00 2021-07-30 00:00:00 None SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt - SourceFire (IP=50,DE) 167.172.102.12 24 RB None 2021-05-01 00:00:00 2021-07-30 00:00:00 None SQL injection - 6hr web attacks (IP=12,DE) 167.172.104.52 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None US TO-S-2020-0601 Malicious Reconnaissance Activity 167.172.106.244 32 RR None 2021-05-01 00:00:00 2021-07-30 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=244,US) 167.172.108.149 24 CR None 2021-05-04 00:00:00 2021-08-03 00:00:00 None Webshell.Binary.php.FEC2 (IP=149,DE) 167.172.109.126 32 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SQL injection - 6hr failed logons (IP=126 US) 167.172.109.187 24 RB None 2021-05-07 00:00:00 2021-08-05 00:00:00 None SQL injection - 6hr web attack (IP=187,DE) 167.172.109.44 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None SQL injection (IP=44,US) 167.172.110.145 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None SQL injection (IP=145,US) 167.172.110.54 24 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=54,DE) 167.172.111.158 24 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SQL injection - 6hr failed logons (IP=158 DE) 167.172.119.181 32 dbc None 2020-03-04 
00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 167.172.121.225 32 dbc None 2020-08-26 00:00:00 2021-08-26 00:00:00 None US TO-S-2020-0758 Malicious Email Activity 167.172.127.195 32 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=195,US) 167.172.128.75 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 167.172.131.171 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 167.172.132.5 32 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=5,US) 167.172.133.249 32 AR None 2021-07-10 00:00:00 2021-10-08 00:00:00 None SERVER-WEBAPP D-Link hedwig.cgi directory traversal attempt (1:44454:2) - SourceFire (IP=249,US) 167.172.138.155 32 EE None 2021-04-19 00:00:00 2021-07-18 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01045 (IP=155,US) 167.172.139.65 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 167.172.141.237 32 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=237,US) 167.172.143.127 32 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=127,US) 167.172.146.51 32 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=51,US) 167.172.151.196 32 BMP None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=196,US) 167.172.151.216 32 RW None 2021-08-10 00:00:00 2021-11-08 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=216,US) 167.172.156.13 32 FT None 2021-04-24 00:00:00 2021-08-14 
00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=13,US) | updated by RW Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - web attacks (IP=13,US) 167.172.158.81 32 RR None 2021-04-07 00:00:00 2021-07-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=81,US) 167.172.161.72 24 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None Malware Callback Detected - Hive Case 5606 (IP=72,DE) 167.172.165.191 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=191,DE) 167.172.171.213 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Webshell.Binary.php.FEC2 (IP=213,DE) 167.172.175.37 24 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=37 DE) 167.172.176.226 32 wmp None 2021-05-11 00:00:00 2021-08-11 00:00:00 None Palo Alto Suspicious Scan Activity (IP=226,DE) 167.172.176.53 32 CR None 2021-05-05 00:00:00 2021-08-05 00:00:00 None HTTP: SQL Injection - Exploit - 6 hr Web Attacks (IP=53,US) 167.172.177.168 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=168,DE) 167.172.178.141 24 RW None 2021-05-01 00:00:00 2021-08-01 00:00:00 None SQL injection - Web attacks (IP=141,DE) 167.172.179.56 32 CR None 2021-05-04 00:00:00 2021-08-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=56,US) 167.172.180.136 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None SQL injection - 6hr web attacks (IP=136,DE) 167.172.181.230 32 CR None 2021-05-04 00:00:00 2021-08-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=230,US) 167.172.184.216 32 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SQL injection - 6hr failed logons (IP=216 US) 167.172.184.216 24 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - 
Sourcefire (IP=216 DE) 167.172.185.180 32 CR None 2021-05-04 00:00:00 2021-08-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=180,US) 167.172.187.135 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=135,DE) 167.172.188.21 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=21,DE) 167.172.189.108 32 CR None 2021-05-04 00:00:00 2021-08-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=108,US) 167.172.189.223 32 CR None 2021-05-04 00:00:00 2021-08-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=223,US) 167.172.191.140 32 CR None 2021-05-04 00:00:00 2021-08-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=140,US) 167.172.197.19 32 EE None 2021-04-12 00:00:00 2021-07-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=19,US) 167.172.20.59 32 RR None 2021-03-08 00:00:00 2021-06-06 00:00:00 None SERVER-WEBAPP Apache Struts remote code execution attempt - SourceFire (IP=59,US) 167.172.219.157 32 RW None 2020-10-03 00:00:00 2021-08-09 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=157,US) | updated by RR Block was inactive. 
Reactivated on 20210511 with reason FTP Login Failed - Failed Logons (IP=157,US) 167.172.224.34 32 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL injection - Web Attacks (IP=34,US) 167.172.228.110 32 DT None 2021-06-18 00:00:00 2021-09-17 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - Source Fire (IP=110,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - SourceFire (IP=110,US) 167.172.228.82 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - 6hr Web Attacks (IP=82,US) 167.172.23.126 32 UA None 2021-08-05 00:00:00 2021-11-03 00:00:00 None HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=126,US) 167.172.233.83 32 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=83,US) 167.172.236.173 32 UA None 2021-08-05 00:00:00 2021-11-03 00:00:00 None HTTP SQL Injection Attempt - 6hr Web Attacks (IP=173,US) 167.172.237.17 32 UA None 2021-08-05 00:00:00 2021-11-03 00:00:00 None HTTP SQL Injection Attempt - 6hr Web Attacks (IP=17,US) 167.172.239.155 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 167.172.239.230 32 RW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=230,US) 167.172.241.206 32 BMP None 2020-12-31 00:00:00 2021-03-31 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - SourceFire (IP=206,US) 167.172.242.226 32 RR None 2021-08-18 00:00:00 2021-11-23 00:00:00 None HTTP Request Brute Force Attack - Failed Logons (IP=226,US) | updated by DT Block expiration extended with reason Pulse Secure SSL VPN CVE-2019-11510 File Disclosure - IPS Events (IP=226,US) 167.172.244.153 32 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP Atlassian Jira makeRequest server side request 
forgery attempt (1:52406:1) - Source Fire (IP=153,US) 167.172.245.220 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 167.172.245.242 32 EE None 2021-04-08 00:00:00 2021-07-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=242,US) 167.172.246.182 32 wmp None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=182,US) 167.172.248.64 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=64,US) 167.172.248.80 32 RW None 2021-05-31 00:00:00 2021-08-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 hr Failed Logon (IP=80,US) 167.172.26.69 32 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL injection - Web Attacks (IP=69,US) 167.172.27.229 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt (1:54214:1) - SourceFire (IP=229,US) 167.172.31.21 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt - 6hr Web Attacks (IP=21,US) 167.172.34.203 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=203,NL) 167.172.35.175 24 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=175,NL) 167.172.39.20 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malware Activity 167.172.39.22 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malware Activity 167.172.42.18 32 EE None 2021-01-08 00:00:00 2021-04-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=18,US) 167.172.44.254 24 RT None 2021-05-27 00:00:00 2021-08-25 
00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=254,NL) 167.172.46.71 24 BMP None 2020-06-29 00:00:00 2021-09-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=71,NL) 167.172.48.190 24 GM None 2021-03-27 00:00:00 2021-09-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=190,GB) | updated by ZH Block was inactive. Reactivated on 20210626 with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=190,GB) 167.172.54.168 24 BMP None 2020-10-28 00:00:00 2021-01-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=168,GB) 167.172.8.174 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity 167.172.96.167 24 RW None 2021-05-01 00:00:00 2021-08-01 00:00:00 None SQL injection - Web attacks (IP=167,DE) 167.172.97.73 24 RW None 2021-05-01 00:00:00 2021-08-01 00:00:00 None SQL injection - Web attacks (IP=73,DE) 167.172.98.78 32 CR None 2021-05-04 00:00:00 2021-08-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=78,US) 167.179.116.158 24 BB None 2021-08-01 00:00:00 2021-10-30 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=158,JP) 167.179.156.0 22 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,AU) 167.179.67.168 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None JP TO-S-2020-0750 Malicious Email Activity 167.179.84.61 32 DT None 2021-09-11 00:00:00 2021-12-10 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01821 167.179.84.61 24 KH None 2021-09-12 00:00:00 2021-12-11 00:00:00 None Apache Struts 2 ConversionErrorInterceptor OGNL Script Injection - FE IPS (IP=61,JP) 167.21.43.82 32 GLM None 2021-04-03 00:00:00 2021-07-02 
00:00:00 None Web (HTTP) Attacks (IP=82,US) 167.248.133.0 24 RR None 2020-12-30 00:00:00 2021-04-01 00:00:00 None scanning activity against our CDAP server - - TT# 21C00378 (IP=0,US) 167.248.133.38 32 CR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None TO-S-2021-1032 / CobaltStrike C2 callout - TT# 21C00374 (IP=38,US) 167.249.100.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 167.249.40.0 22 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None CO TO-S-2021-0989 Hive Case # 4493 Malware Activity 167.249.43.235 24 RW None 2021-09-27 00:00:00 2021-12-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=235,CO) 167.249.64.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 167.250.140.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity 167.250.192.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CR TO-S-2020-0303 Malicious Email Activity 167.250.27.254 24 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - SourceFire Report (IP=254,BR) 167.250.5.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AR TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 167.250.8.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity 167.57.146.99 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=99,UR) 167.57.228.5 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=5,UY) 167.58.92.1 24 GLM None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=1,UY) 167.60.153.225 24 BMP None 2021-04-02 
00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=225,UY) 167.71.101.129 32 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=129,US) 167.71.102.228 32 RW None 2021-04-02 00:00:00 2021-08-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=228,US) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=228,US) 167.71.103.35 32 RR None 2021-08-18 00:00:00 2021-11-16 00:00:00 None SQL injection - Web Attacks (IP=35,US) 167.71.104.35 32 UA None 2021-08-05 00:00:00 2021-11-03 00:00:00 None POLICY-OTHER Adobe ColdFusion component browser access attempt - 6hr Web Attacks (IP=35,US) 167.71.106.145 32 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=145,US) 167.71.108.41 32 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=41,US) 167.71.109.71 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP D-Link hedwig.cgi directory traversal attempt - 6hr Web Attacks (IP=71,US) 167.71.110.88 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL injection - 6hr Web Attacks (IP=88,US) 167.71.111.16 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 167.71.125.162 32 GLM None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=162,US) 167.71.130.155 32 wmp None 2021-04-23 00:00:00 2021-07-23 00:00:00 None Palo Alto Suspicious Scan Activity (IP=155,GB) 167.71.130.56 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity 167.71.134.251 24 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) Web Attack (IP=251,GB) 167.71.150.107 32 FT None 2021-03-30 00:00:00 2021-06-28 
00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=107,US) 167.71.152.130 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity 167.71.156.25 32 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=25,US) 167.71.16.139 32 CR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None Command Injection_ABC report (IP=139,US) 167.71.16.190 32 CR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None Command Injection_ABC report (IP=190,US) 167.71.16.79 32 CR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None Command Injection_ABC report (IP=79,US) 167.71.160.204 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=204,US) 167.71.161.128 32 RR None 2021-06-13 00:00:00 2021-09-11 00:00:00 None SQL injection - Web Attacks (IP=128,US) 167.71.161.179 32 RR None 2021-06-13 00:00:00 2021-09-11 00:00:00 None SQL injection - Web Attacks (IP=179,US) 167.71.161.250 32 KH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=250,US) 167.71.163.131 32 KH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=131,US) 167.71.166.139 32 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=139,US) 167.71.169.20 32 RW None 2021-03-10 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=20,US) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=20,US) 167.71.172.212 32 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SQL injection - Web Attacks (IP=212,US) 167.71.172.242 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL injection - 6hr Web Attacks (IP=242,US) 167.71.173.248 32 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SQL 
injection - Web Attacks (IP=248,US) 167.71.173.64 32 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=64,US) 167.71.173.72 32 KH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=72,US) 167.71.173.9 32 KH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=9,US) 167.71.174.151 32 KH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=151,US) 167.71.174.152 32 KH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=152,US) 167.71.174.46 32 RR None 2021-06-13 00:00:00 2021-09-11 00:00:00 None SQL injection - Web Attacks (IP=46,US) 167.71.177.108 32 RW None 2021-08-04 00:00:00 2021-11-02 00:00:00 None External IP scanning - Fireeye NX (IP=108,US) 167.71.177.122 32 BMP None 2021-07-04 00:00:00 2021-10-02 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6hr Web Attacks (IP=122,US) 167.71.178.22 32 KH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=22,US) 167.71.179.133 32 BMP None 2021-07-04 00:00:00 2021-10-02 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=133,US) 167.71.179.137 32 BMP None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=137,US) 167.71.179.234 32 BMP None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=234,US) 167.71.18.253 32 RR None 2021-04-23 00:00:00 2021-07-23 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01069 (IP=253,US) 167.71.181.53 32 RB None 2021-02-22 00:00:00 2021-05-23 00:00:00 None muieblackcat PHP Vulnerability Scanner - FE IPS Events (IP=53,US) 167.71.182.199 32 BMP None 2021-07-04 00:00:00 2021-10-02 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=199,US) 167.71.183.107 32 BMP None 2021-07-04 00:00:00 
2021-10-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=107,US) 167.71.185.53 32 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL injection - Web Attacks (IP=53,US) 167.71.187.43 32 BMP None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=43,US) 167.71.189.48 32 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=48,US) 167.71.189.53 32 AR None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SQL injection - 6 Hr Web Attack (IP=53,US) 167.71.19.114 32 RB None 2021-04-10 00:00:00 2021-07-09 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 21C00994 (IP=114,US) 167.71.196.214 32 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=214,US) 167.71.196.214 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Sourcefire (IP=214,SG) 167.71.2.104 24 KD None 2021-06-14 00:00:00 2021-09-13 00:00:00 None SQL injection- Web Attacks (IP=104,NL) 167.71.20.140 32 KD None 2021-06-14 00:00:00 2021-09-13 00:00:00 None Adobe ColdFusion Administrator Access Restriction- Web Attacks (IP=140,US) 167.71.20.152 32 KD None 2021-06-14 00:00:00 2021-09-13 00:00:00 None Adobe ColdFusion Administrator Access Restriction- Web Attacks (IP=152,US) 167.71.20.234 32 KD None 2021-06-14 00:00:00 2021-09-13 00:00:00 None Adobe ColdFusion Administrator Access Restriction- Web Attacks (IP=234,US) 167.71.20.254 32 ZH None 2021-09-08 00:00:00 2021-12-07 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - Sourcefire Rpt (IP=254,US) 167.71.225.24 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=24,IN) 167.71.227.93 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability 
(CVE-2017-9841) - 6hr web attacks (IP=93,IN)
167.71.230.104 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=104,IN)
167.71.230.90 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=90,IN)
167.71.231.182 32 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 21C01640 (IP=182,US)
167.71.237.106 24 RW None 2021-03-10 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=106,IN) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=106,IN)
167.71.238.203 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=203,IN)
167.71.24.159 32 CR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None Command Injection_ABC report (IP=159,US)
167.71.240.74 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP NUUO NVRmini upgrade_handle.php command injection attempt - 6hr Web Attacks (IP=74,US)
167.71.240.75 32 UA None 2021-08-05 00:00:00 2021-11-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=75,US)
167.71.241.213 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
167.71.243.93 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity
167.71.244.22 32 RR None 2021-08-18 00:00:00 2021-11-22 00:00:00 None SQL injection - Web Attacks (IP=22,US) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=22, US)
167.71.246.241 32 UA None 2021-08-05 00:00:00 2021-11-03 00:00:00 None SQL union select - possible sql injection attempt - POST parameter (1:15874:14) - Sourcefire (IP=241,US)
167.71.248.105 32 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=105 US)
167.71.248.136 32 ZH None 2021-06-24 00:00:00 2021-09-22 00:00:00 None HTTP SQL Injection Attempt - 6hr web attacks (IP=136,US)
167.71.253.225 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL injection - 6hr Web Attacks (IP=225,US)
167.71.254.107 32 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attack (IP=107,US)
167.71.254.22 32 RR None 2021-08-18 00:00:00 2021-11-16 00:00:00 None SQL injection - Web Attacks (IP=22,US)
167.71.254.71 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity
167.71.26.207 32 RW None 2021-04-24 00:00:00 2021-07-24 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01068 (IP=207,US)
167.71.26.213 32 RR None 2021-04-23 00:00:00 2021-07-23 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01066 (IP=213,US)
167.71.26.218 32 RR None 2021-04-23 00:00:00 2021-07-23 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01065 (IP=218,US)
167.71.26.221 32 RR None 2021-04-23 00:00:00 2021-07-23 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT# 21C01067 (IP=221,US)
167.71.30.251 32 DT None 2021-04-17 00:00:00 2021-07-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=251,US)
167.71.32.135 24 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SQL injection - Web Attacks (IP=135,DE)
167.71.33.16 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=16,DE)
167.71.33.16 24 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SQL injection - 6hr failed logons (IP=16 DE)
167.71.33.4 24 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SQL injection - Web Attacks (IP=4,DE)
167.71.34.29 24 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SQL injection - Web Attacks (IP=29,DE)
167.71.35.175 24 CR None 2021-05-04 00:00:00 2021-08-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=175,DE)
167.71.36.166 24 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SQL injection - Web Attacks (IP=166,DE)
167.71.37.115 24 BMP None 2021-05-12 00:00:00 2021-08-10 00:00:00 None SQL injection - 6hr Web Attacks (IP=115,DE)
167.71.37.85 24 RR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SERVER-WEBAPP Java XML deserialization remote code execution attempt - Web Attacks (IP=85,DE)
167.71.37.85 24 RR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SERVER-WEBAPP Java XML deserialization remote code execution attempt - Web Attacks (IP=85,DE) SERVER-WEBAPP Java XML deserialization remote code execution attempt - Web Attacks (IP=85,DE)
167.71.38.182 24 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SQL injection - Web Attacks (IP=182,DE)
167.71.38.226 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=226,DE)
167.71.38.226 24 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SQL injection - 6hr failed logons (IP=226 DE)
167.71.38.90 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=90,DE)
167.71.39.182 24 RR None 2021-03-29 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=182,DE) | updated by RB Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=182,DE)
167.71.40.170 24 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SQL injection - Web Attacks (IP=170,DE)
167.71.40.69 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=69,DE)
167.71.41.130 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=130,DE)
167.71.42.1 24 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SQL injection - Web Attacks (IP=1,DE)
167.71.42.141 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=141,DE)
167.71.42.141 24 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SQL injection - 6hr failed logons (IP=141 DE)
167.71.43.28 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=28,DE)
167.71.43.28 24 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SQL injection - 6hr failed logons (IP=28 DE)
167.71.44.217 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=217,DE)
167.71.44.217 24 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SQL injection - 6hr failed logons (IP=217 DE)
167.71.44.53 24 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SQL injection - Web Attacks (IP=53,DE)
167.71.45.14 24 BMP None 2021-05-12 00:00:00 2021-08-10 00:00:00 None SQL injection - 6hr Web Attacks (IP=14,DE)
167.71.46.202 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=202,DE)
167.71.46.202 24 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SQL injection - 6hr failed logons (IP=202 DE)
167.71.46.9 24 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SQL injection - Web Attacks (IP=9,DE)
167.71.47.16 24 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SQL injection - Web Attacks (IP=16,DE)
167.71.49.134 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=134,DE)
167.71.5.187 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=187,NL)
167.71.50.129 24 RW None 2021-05-16 00:00:00 2021-08-30 00:00:00 None SQL injection - Web Attacks (IP=129,DE) | updated by ZH Block expiration extended with reason SQL HTTP URI blind injection attempt - Web Attack Report (IP=129,DE)
167.71.51.109 32 wmp None 2021-05-05 00:00:00 2021-08-05 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=109,DE)
167.71.52.94 32 wmp None 2021-05-05 00:00:00 2021-08-05 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=94,DE)
167.71.53.23 24 RW None 2021-05-01 00:00:00 2021-08-01 00:00:00 None SQL injection - Web attacks (IP=23,DE)
167.71.54.185 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Reconnaissance Activity
167.71.56.245 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=245,DE)
167.71.57.228 32 wmp None 2021-05-05 00:00:00 2021-08-05 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=228,DE)
167.71.57.231 32 wmp None 2021-05-06 00:00:00 2021-08-06 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=231,DE)
167.71.58.17 24 KH None 2021-07-30 00:00:00 2021-10-28 00:00:00 None SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt (1:48382:1) - Sourcefire (IP=17,DE)
167.71.62.229 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr failed logons (IP=229,DE)
167.71.63.118 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=118,DE)
167.71.63.118 24 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None HTTP SQL Injection Attempt - 6hr failed logons (IP=118 DE)
167.71.64.192 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None FTP Login Failed - Failed Logons (IP=192,NL)
167.71.65.217 24 RB None 2021-04-27 00:00:00 2021-07-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=217,NL)
167.71.69.172 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
167.71.69.220 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malicious Email Activity
167.71.70.235 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malware Activity
167.71.71.186 24 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=186,NL)
167.71.80.171 32 BMP None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=171,US)
167.71.81.200 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None AR RCC-CONUS HTTP_GET_Psble_F5TMUI_RCE_RC130840 - TT# 21C01356 (IP=200,US)
167.71.85.160 32 RW None 2021-08-04 00:00:00 2021-11-02 00:00:00 None External IP scanning - Fireeye NX (IP=160,US)
167.71.87.135 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
167.71.88.31 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL injection - 6HR Web Attacks (IP=31,US)
167.71.90.202 32 GLM None 2021-04-05 00:00:00 2021-08-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=202,US) | updated by RB Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=202,US)
167.71.91.219 32 wmp None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=219,US)
167.71.92.90 32 BMP None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=90,US)
167.71.95.181 32 BMP None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=181,US)
167.86.109.221 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Web Application Activity
167.86.111.54 32 KF None 2019-06-09 00:00:00 2021-02-14 00:00:00 None Signature: Unauthorized Access-Probe - TT# 19C02260 (IP=54,US) | updated by dbc Block was inactive. Reactivated on 20200214 with reason DE TO-S-2020-0298 Malicious Email Activity
167.86.114.167 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
167.86.118.41 32 wmp None 2021-06-15 00:00:00 2021-09-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=41,DE)
167.86.120.43 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
167.86.123.163 32 wmp None 2020-09-16 00:00:00 2021-10-29 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=163,DE) | updated by dbc Block expiration extended with reason DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
167.86.66.101 32 NAB None 2020-11-12 00:00:00 2021-11-19 00:00:00 None HIVE Case #4296 COLS-NA-TIP-20-0347 (IP=101,DE) | updated by dbc Block expiration extended with reason DE TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
167.86.73.234 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=234,DE)
167.86.74.178 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
167.86.75.216 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=216,DE)
167.86.75.58 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity
167.86.75.65 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity
167.86.82.48 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None DE TO-S-2020-0698 Malicious Email Activity
167.86.90.214 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malware Activity
167.86.91.181 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=181,DE)
167.86.95.138 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
167.86.98.215 32 wmp None 2020-09-16 00:00:00 2021-10-29 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=215,DE) | updated by dbc Block expiration extended with reason DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
167.86.99.229 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=229,DE)
167.88.3.132 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
167.89.118.83 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
167.99.106.172 32 BMP None 2021-03-23 00:00:00 2021-08-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=172,US) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=172,US) | updated by RW Block expiration
167.99.111.51 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity
167.99.113.159 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=159,US)
167.99.113.167 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=167,US)
167.99.113.186 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=186,US)
167.99.113.189 32 RW None 2021-05-07 00:00:00 2021-08-07 00:00:00 None SQL injection - Web attacks (IP=189,US)
167.99.113.254 32 DT None 2021-08-20 00:00:00 2021-11-18 00:00:00 None HTTP Request Brute Force Attack - Failed Logons (IP=254,US)
167.99.114.105 32 RR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - Web Attacks (IP=105,US)
167.99.114.31 32 RR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - Web Attacks (IP=31,US)
167.99.114.60 32 BMP None 2021-05-10 00:00:00 2021-08-08 00:00:00 None HTTP SQL Injection Attempt - 6hr Web Attacks (IP=60,US)
167.99.114.70 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=70,US)
167.99.114.82 32 RR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - Web Attacks (IP=82,US)
167.99.114.96 32 RR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - Web Attacks (IP=96,US)
167.99.116.128 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL Injection - 6hr Web Attacks (IP=128,US)
167.99.117.138 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=138,US)
167.99.117.20 32 ZH None 2021-09-08 00:00:00 2021-12-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=20,US)
167.99.119.216 32 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None SQL injection - Web Attacks Report (IP=216,US)
167.99.12.242 32 RW None 2021-04-29 00:00:00 2021-07-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web attacks (IP=242,US)
167.99.120.152 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=152,US)
167.99.120.154 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None SQL generic sql insert injection attempt - POST parameter - Sourcefire (IP=154,US)
167.99.120.158 32 wmp None 2021-05-06 00:00:00 2021-08-06 00:00:00 None Palo Alto Suspicious Scan Activity (IP=158,US)
167.99.120.159 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None SQL generic sql insert injection attempt - POST parameter - Sourcefire (IP=159,US)
167.99.120.162 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None SQL use of sleep function in HTTP header - likely SQL injection attempt - Sourcefire (IP=162,US)
167.99.120.168 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=168,US)
167.99.120.169 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None SQL generic sql insert injection attempt - POST parameter - Sourcefire (IP=169,US)
167.99.120.171 32 wmp None 2021-05-06 00:00:00 2021-08-06 00:00:00 None Palo Alto Suspicious Scan Activity (IP=171,US)
167.99.120.174 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None SQL use of concat function with select - likely SQL injection - Sourcefire (IP=174,US)
167.99.121.168 32 ZH None 2021-08-26 00:00:00 2021-11-24 00:00:00 None SQL injection - 6 hr Web Attacks (IP=168,US)
167.99.122.212 32 CR None 2021-05-04 00:00:00 2021-08-04 00:00:00 None HTTP SQL Injection Attempt_6 hr web attacks (IP=212,US)
167.99.123.138 32 BMP None 2021-05-12 00:00:00 2021-08-10 00:00:00 None SQL injection - 6hr Web Attacks (IP=138,US)
167.99.123.157 32 BMP None 2021-05-12 00:00:00 2021-08-10 00:00:00 None SQL injection - 6hr Web Attacks (IP=157,US)
167.99.127.174 32 RR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - Web Attacks (IP=174,US)
167.99.128.35 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=35,DE)
167.99.129.42 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Email Activity
167.99.130.208 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
167.99.131.160 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=160,DE)
167.99.132.148 24 EE None 2021-04-02 00:00:00 2021-12-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=148,DE) | updated by RR Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=148,DE) | updated by ZH Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 21C01739 (IP=148,DE)
167.99.133.28 32 wmp None 2021-06-29 00:00:00 2021-09-29 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=28,DE)
167.99.134.111 24 RR None 2021-07-15 00:00:00 2021-10-13 00:00:00 None vBulletin SQL Injection Vulnerability - Web Attacks (IP=111,DE)
167.99.136.144 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=144,DE)
167.99.138.171 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=171,DE)
167.99.138.176 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=176,DE)
167.99.139.143 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=143,DE)
167.99.141.53 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=53,DE)
167.99.142.70 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=70,DE)
167.99.143.128 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=128,DE) | updated by RR Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=128,DE) HTTP: PHPUnit Remote Cod
167.99.143.128 24 RR None 2021-06-05 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=128,DE) | updated by RR Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=128,DE) HTTP: PHPUnit Remote Cod
167.99.145.102 32 GM None 2020-10-08 00:00:00 2021-01-08 00:00:00 None SSLv2 Client Hello Request Detected - FE CMS/IPS alerts (IP=102,US)
167.99.145.244 32 KH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=244,US)
167.99.145.76 32 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=76,US)
167.99.145.76 32 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=76,US)
167.99.145.76 32 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=76,US)
167.99.148.249 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=249,US)
167.99.15.224 32 RB None 2021-02-17 00:00:00 2021-05-17 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=224,US) | updated by wmp Block expiration extended with reason FireEye IPS Nuclei Vulnerability Scanner (IP=224,US) FireEye IPS Nuclei Vulnerability Scanner (IP=224,US)
167.99.15.224 32 wmp None 2021-02-17 00:00:00 2021-05-17 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=224,US) | updated by wmp Block expiration extended with reason FireEye IPS Nuclei Vulnerability Scanner (IP=224,US) FireEye IPS Nuclei Vulnerability Scanner (IP=224,US)
167.99.150.188 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL Injection - 6hr Web Attacks (IP=188,US)
167.99.151.105 32 RR None 2021-09-23 00:00:00 2021-12-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01936(IP=105,US)
167.99.152.167 32 RB None 2021-02-17 00:00:00 2021-05-17 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=167,US) | updated by wmp Block expiration extended with reason Imperva Distributed Nuclei Scanner (IP=167,US) Imperva Distributed Nuclei Scanner (IP=167,US)
167.99.152.167 32 wmp None 2021-02-17 00:00:00 2021-05-17 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=167,US) | updated by wmp Block expiration extended with reason Imperva Distributed Nuclei Scanner (IP=167,US) Imperva Distributed Nuclei Scanner (IP=167,US)
167.99.152.47 32 UA None 2021-08-15 00:00:00 2021-11-13 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=47,US)
167.99.152.47 32 UA None 2021-08-15 00:00:00 2021-11-13 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=47,US)
167.99.152.56 32 AR None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt (1:41504:3) - SourceFire Report (IP=56,US)
167.99.156.157 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
167.99.159.175 32 AR None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP WordPress get_post authentication bypass attempt (1:41495:2) - SourceFire Report (IP=175,US)
167.99.171.6 32 RB None 2021-01-09 00:00:00 2021-04-11 00:00:00 None Suspicious Scan Activity - Hive Case #4744 (IP=6,US) | updated by BMP Block expiration extended with reason Backdoor.TROCHILUS - Hive Case 4744 (IP=6,US)
167.99.180.119 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=119,CA)
167.99.181.158 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6 hr Web Attacks (IP=158,CA)
167.99.184.149 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
167.99.185.216 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=216,CA)
167.99.187.122 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None CA TO-S-2020-0838 Malicious Web Application Activity
167.99.188.80 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
167.99.190.197 32 RB None 2021-05-22 00:00:00 2021-12-05 00:00:00 None FTP Login Failed - 6hr failed logins (IP=197,CA) | updated by SW Block was inactive. Reactivated on 20210906 with reason ReputationDV Malware Event TT# 21C01756 (IP=197,US) ReputationDV Malware Event TT# 21C01756 (IP=197,US)
167.99.190.197 32 SW None 2021-09-06 00:00:00 2021-12-05 00:00:00 None FTP Login Failed - 6hr failed logins (IP=197,CA) | updated by SW Block was inactive. Reactivated on 20210906 with reason ReputationDV Malware Event TT# 21C01756 (IP=197,US) ReputationDV Malware Event TT# 21C01756 (IP=197,US)
167.99.192.24 32 RR None 2021-09-30 00:00:00 2021-12-31 00:00:00 None Possible Cross-site Scripting Attack - IPS Events (IP=24,US)
167.99.192.24 24 RW None 2021-09-30 00:00:00 2021-12-29 00:00:00 None SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt - Web Attacks (IP=24,GB)
167.99.194.156 24 KH None 2021-10-01 00:00:00 2021-12-30 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt (1:25975:3) - Sourcefire (IP=156,GB)
167.99.194.156 24 KH None 2021-10-01 00:00:00 2021-12-30 00:00:00 None Suspicious Telerik UI Request - FE IPS (IP=156,GB)
167.99.212.33 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=33,NL)
167.99.214.4 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=4,NL)
167.99.215.170 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=170,NL)
167.99.224.251 32 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=251,US)
167.99.224.55 32 KD None 2021-08-03 00:00:00 2021-11-01 00:00:00 None SQL 1 = 1 - possible sql injection attempt (1:19439:10) - Sourcefire (IP=55,US)
167.99.224.8 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None TCP: SYN Host Sweep (IP=8,US)
167.99.228.118 32 BB None 2021-09-02 00:00:00 2021-12-01 00:00:00 None Command Injection - ABC Report(IP=118,US)
167.99.229.217 32 KH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None SQL 1 = 0 - possible sql injection attempt - Web Attacks (IP=217,US)
167.99.231.147 32 ZH None 2021-06-12 00:00:00 2021-09-10 00:00:00 None SERVER-WEBAPP SolarWinds Orion authentication bypass attempt (1:56916:1) - Sourcefire Rpt (IP=147,US)
167.99.235.221 32 SW None 2021-07-22 00:00:00 2021-10-20 00:00:00 None SQL injection - WebAttacks (IP=221, US)
167.99.236.136 32 RR None 2021-07-23 00:00:00 2021-10-21 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM - Automated Block (IP=136,US)
167.99.236.216 32 WR None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SQL union select - possible sql injection attempt - POST parameter - 6hr Web Attacks (IP=216,US)
167.99.236.246 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity
167.99.236.95 32 BMP None 2021-09-03 00:00:00 2021-12-02 00:00:00 None SERVER-WEBAPP PHPMailer command injection remote code execution attempt (1:45917:1) - SourceFire (IP=95,US)
167.99.237.245 32 UA None 2021-08-15 00:00:00 2021-11-22 00:00:00 None SQL injection - 6hr web attacks (IP=245,US) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=245, US)
167.99.240.165 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=165,DE)
167.99.243.144 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=144,DE)
167.99.247.243 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=243,DE)
167.99.249.78 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=78,DE)
167.99.251.239 32 wmp None 2021-05-11 00:00:00 2021-08-11 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=239,DE)
167.99.252.6 32 CR None 2021-05-05 00:00:00 2021-08-05 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - FirePower report (IP=6,US)
167.99.252.6 32 wmp None 2021-05-05 00:00:00 2021-08-05 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=6,DE)
167.99.254.194 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=194,DE)
167.99.32.233 24 RB None 2021-01-09 00:00:00 2021-04-11 00:00:00 None Suspicious Scan Activity - Hive Case #4744 (IP=233,NL) | updated by BMP Block expiration extended with reason Backdoor.TROCHILUS - Hive Case 4744 (IP=233,NL)
167.99.39.234 32 BMP None 2021-05-03 00:00:00 2021-08-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=234,US)
167.99.40.21 32 RR None 2020-03-06 00:00:00 2021-10-29 00:00:00 None Known Attack Tool User Agent/ HTTP: Masscan Scanner Traffic Detected - TT# 20C01994 (IP=21,US) | updated by dbc Block was inactive. Reactivated on 20201029 with reason NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
167.99.44.214 32 CR None 2021-05-04 00:00:00 2021-08-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=214,US)
167.99.45.153 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=153,NL)
167.99.5.25 32 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=25,US)
167.99.50.70 32 BMP None 2021-05-10 00:00:00 2021-08-08 00:00:00 None Malware Object Download - FireEye Web (IP=70,US)
167.99.53.240 32 ZH None 2021-08-26 00:00:00 2021-11-24 00:00:00 None SQL injection - 6 hr Web Attacks (IP=240,US)
167.99.53.53 32 BMP None 2021-05-05 00:00:00 2021-08-03 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=53,US)
167.99.56.138 32 NAB None 2020-11-09 00:00:00 2021-11-19 00:00:00 None HIVE Case #4283 COLS-NA-TIP-20-0346 (IP=138,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
167.99.63.161 32 RW None 2021-05-17 00:00:00 2021-08-15 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=161,US)
167.99.64.63 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=63,SG)
167.99.65.240 24 RB None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=240,SG)
167.99.68.11 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=11,SG)
167.99.69.180 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan Activity (IP=180,SG)
167.99.69.63 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity
167.99.7.67 32 RR None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=67,US)
167.99.70.115 24 RR None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=115,SG)
167.99.74.4 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=4,SG)
167.99.82.231 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None MX TO-S-2020-0303 Malicious Email Activity
167.99.82.84 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks(IP=84,GB)
168.0.120.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity
168.0.152.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity
168.0.196.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity
168.0.38.79 24 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SQL injection - 6hr Web Attacks (IP=79,BR)
168.0.38.79 32 wmp None 2021-06-17 00:00:00 2021-09-17 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=79,BR)
168.0.96.0 22 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None BR TO-S-2021-0876 Hive Case 4166 Malware Activity
168.119.16.147 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
168.121.137.0 24 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,BR)
168.121.40.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
168.121.68.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity
168.128.148.202 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ZA TO-S-2020-0459 Malware Activity
168.128.148.202 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ZA TO-S-2020-0459 Malware Activity
168.128.80.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ZA)
168.138.12.252 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=252,AU)
168.138.128.237 32 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=237,US)
168.138.135.66 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None BR TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
168.138.200.30 24 DT None 2021-02-25 00:00:00 2021-05-25 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=30,JP)
168.149.143.112 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=112,US)
168.167.30.140 32 BMP None 2020-10-11 00:00:00 2021-01-11 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759)- TT# 21C00090 (IP=140,BW)
168.181.120.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None HN TO-S-2020-0298 Malicious Email Activity
168.194.36.189 24 KD None 2021-08-03 00:00:00 2021-11-01 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=189,BR)
168.194.72.0 24 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
168.195.140.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity
168.195.147.87 24 RR None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=87,BR)
168.195.224.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
168.197.16.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
168.205.152.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
168.205.223.254 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=254,BR)
168.205.244.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity
168.205.32.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity
168.205.36.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity
168.205.48.0 22 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None BR TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
168.211.73.212 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None PK TO-S-2020-0601 Malware Activity
168.215.229.34 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=34,US)
168.227.132.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity
168.227.97.138 24 RR None 2021-05-20 00:00:00 2021-08-18 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=138,AR)
168.228.4.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity
168.228.88.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity
168.232.152.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
168.232.156.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
168.235.67.138 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity
168.58.229.10 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None ZM TO-S-2021-0949 Hive Case 4363 Malicious Email Activity
168.61.173.185 32 RW None 2020-04-29 00:00:00 2021-09-29 00:00:00 None Known Attack Tool User Agent V2 / 20086 HTTP Muieblackcat Security Scanner - TT# 20C02575 (IP=185,US) | updated by BMP Block was inactive. Reactivated on 20200629 with reason Known Attack Tool User Agent V2 / 20086: HTTP: Muieblackcat Security Scanner -
168.61.213.232 32 BMP None 2021-06-25 00:00:00 2021-09-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=232,US)
168.61.219.225 32 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=225,US)
168.61.75.31 32 ZH None 2021-08-28 00:00:00 2021-11-26 00:00:00 None Attempted Access - Inbound Brute Force TT# 21C01627 (IP=31,US)
168.62.165.90 32 EE None 2021-02-19 00:00:00 2021-05-19 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script - TT: 21C00521 (IP=90,US)
168.62.199.19 32 SW None 2021-08-11 00:00:00 2021-11-09 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01547 (IP=19, US)
168.62.221.203 32 AR None 2021-09-08 00:00:00 2021-12-07 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01775 (IP=203,US)
168.90.104.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
168.90.204.207 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=207,BR)
168.90.208.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity
168.90.32.0 22 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
168.90.76.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity
169.1.139.156 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ZA TO-S-2020-0331 Malicious Web Application Activity
169.1.24.166 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ZA TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
169.149.248.36 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IN TO-S-2020-0535 Malicious Email Activity
169.197.108.166 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
169.197.108.171 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
169.197.108.187 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
169.197.108.188 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
169.197.108.189 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
169.197.108.194 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
169.197.108.196 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
169.197.108.197 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious 
Reconnaissance Activity 169.197.108.203 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 169.197.108.204 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 169.197.108.206 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 169.198.203.250 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 169.231.15.64 32 BMP None 2021-02-23 00:00:00 2021-05-24 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - 6hr Web Attacks (IP=64,US) 169.239.104.195 24 BMP None 2021-04-29 00:00:00 2021-07-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=195,MZ) 169.239.220.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ZA TO-S-2020-0298 Malicious Email Activity 169.239.92.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None LY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 169.255.77.0 24 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,ZA) 169.46.89.149 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=149,US) 169.46.89.154 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 169.47.124.25 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 169.51.60.221 24 EE None 2021-04-20 00:00:00 2021-12-28 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=221,undefined) | updated by EE Block was inactive. 
Reactivated on 20210929 with reason HIVE Case #6266 IOC_CVE-2021-22005 (IP=221,undefined) 169.55.132.212 24 RR None 2020-11-15 00:00:00 2021-02-13 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=212,CA) 169.60.157.23 32 NAB None 2021-04-15 00:00:00 2021-07-14 00:00:00 None HIVE Case #NA FP Security (IP=23,US) 169.62.254.79 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 169.62.27.183 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4235 COLS-NA-TIP-20-0338 (IP=183,US) 17.164.1.35 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 170.0.128.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity 170.0.48.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 170.10.161.83 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 170.10.162.88 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 170.10.164.194 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=194,US) 170.106.105.176 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=176,US) 170.106.114.114 32 UA None 2021-09-29 00:00:00 2021-12-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=114,US) 170.106.151.59 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None SG TO-S-2021-1007 Malicious Email Activity 170.106.202.113 24 BMP None 2021-07-19 00:00:00 2021-10-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - 
SourceFire (IP=113,SG) 170.106.203.12 32 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=12,US) 170.106.33.143 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SERVER-WEBAPP Java XML deserialization remote code execution attempt (1:44315:3) - SoureFire (IP=143,US) 170.106.33.33 32 RR None 2021-08-18 00:00:00 2021-11-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=33,US) 170.106.34.79 32 UA None 2021-08-16 00:00:00 2021-11-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=79,US) 170.106.35.155 32 DT None 2021-09-11 00:00:00 2021-12-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=155,US) 170.106.35.2 32 DT None 2021-07-01 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=2,US) | updated by AR Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFir 170.106.36.152 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=152,US) 170.106.36.178 32 RT None 2021-06-23 00:00:00 2021-09-21 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=178,US) 170.106.36.196 32 BMP None 2021-06-12 00:00:00 2021-09-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=196,US) 170.106.36.196 32 BMP None 2021-06-12 00:00:00 2021-09-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=196,US) 170.106.36.200 32 BMP None 2021-06-25 00:00:00 2021-09-23 00:00:00 None 
INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=200,US) 170.106.36.218 32 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=218,US) 170.106.36.227 32 UA None 2021-05-18 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=227,US) 170.106.36.26 32 dbc None 2019-12-17 00:00:00 2021-09-21 00:00:00 None SG TO-S-2020-0187 Malware Activity | updated by BMP Block was inactive. Reactivated on 20210623 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=26,US) INDICATOR-SCAN DNS version.bind string 170.106.36.26 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SG TO-S-2020-0187 Malware Activity | updated by BMP Block was inactive. Reactivated on 20210623 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=26,US) INDICATOR-SCAN DNS version.bind string 170.106.36.63 32 AR None 2021-07-04 00:00:00 2021-10-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=63,US) 170.106.36.64 32 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (1:42785:4) (IP=64,US) 170.106.36.64 32 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (1:42785:4) (IP=64,US) 170.106.36.87 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=87,US) 170.106.36.97 32 PS None 2021-05-26 00:00:00 2021-08-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (1:42785:4) (IP=97,US) 170.106.36.97 
32 PS None 2021-05-26 00:00:00 2021-08-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (1:42785:4) (IP=97,US) 170.106.37.110 32 SW None 2021-05-20 00:00:00 2021-08-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt SourceFire (IP=110,US) 170.106.37.136 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=136,US) 170.106.37.186 32 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=186,US) 170.106.37.186 32 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=186,US) 170.106.37.222 32 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=222,US) 170.106.37.224 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 170.106.37.231 32 AR None 2021-06-22 00:00:00 2021-09-20 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report(IP=231,US) 170.106.37.237 32 BMP None 2021-07-19 00:00:00 2021-10-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=237,US) 170.106.37.251 32 ZH None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SG TO-S-2020-0187 Malware Activity | updated by ZH Block was inactive. Reactivated on 20210624 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=251,US) INDICATOR-SCAN DNS version.bind st 170.106.37.251 32 dbc None 2019-12-17 00:00:00 2021-09-22 00:00:00 None SG TO-S-2020-0187 Malware Activity | updated by ZH Block was inactive. 
Reactivated on 20210624 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=251,US) INDICATOR-SCAN DNS version.bind st 170.106.37.4 32 RT None 2021-07-14 00:00:00 2021-10-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=4,US) 170.106.37.63 24 EE None 2021-01-09 00:00:00 2021-04-09 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=63,SG) 170.106.37.63 32 RT None 2021-06-04 00:00:00 2021-09-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=63,US) 170.106.38.117 32 AR None 2021-06-30 00:00:00 2021-09-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=117,US) 170.106.38.178 32 SW None 2021-05-26 00:00:00 2021-08-24 00:00:00 None INDICATOR-SCAN DNS version.bind 170.106.38.178 32 SW None 2021-05-26 00:00:00 2021-08-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=178,US) 170.106.38.178 32 PS None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (1:42785:4) (IP=178,US) 170.106.38.205 32 CR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=205,US) 170.106.38.23 32 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=23,US) 170.106.38.54 32 RT None 2021-09-19 00:00:00 2021-12-18 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=54,US) 170.106.38.8 32 BMP None 2021-06-12 00:00:00 2021-09-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information 
disclosure attempt (1:42785:4) - SourceFire (IP=8,US) 170.106.38.8 32 BMP None 2021-06-12 00:00:00 2021-09-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=8,US) 170.106.38.97 32 RT None 2021-06-04 00:00:00 2021-09-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=97,US) 170.106.39.104 32 RR None 2021-08-18 00:00:00 2021-11-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=104,US) 170.106.39.73 32 BMP None 2021-08-14 00:00:00 2021-11-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=73,US) 170.106.40.12 32 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=12,US) 170.106.40.46 32 DT None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=46,US) 170.106.40.80 32 AR None 2021-07-06 00:00:00 2021-10-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=80,US) 170.106.50.110 32 UA None 2021-08-09 00:00:00 2021-11-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=110,US) 170.106.50.211 32 DT None 2021-08-04 00:00:00 2021-11-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=211,US) 170.106.52.127 32 KH None 2021-08-16 00:00:00 2021-11-14 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=127,US) 170.106.52.129 32 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=129,US) 
170.106.52.142 32 UA None 2021-08-14 00:00:00 2021-11-12 00:00:00 None SERVER-WEBAPP Sonatype Nexus Repository Manager remote code execution attempt (1:50533:1) - SourceFire Report (IP=142,US) 170.106.52.150 32 UA None 2021-08-13 00:00:00 2021-11-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire - (IP=150,US) 170.106.52.175 32 RT None 2021-07-14 00:00:00 2021-10-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=175,US) 170.106.65.53 32 DT None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=53,US) 170.106.66.204 32 BMP None 2021-08-08 00:00:00 2021-11-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=204,US) 170.106.66.220 32 KH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=220,US) 170.106.67.19 32 RT None 2021-06-08 00:00:00 2021-09-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=19,US) 170.106.67.30 32 RT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SOURCEFIRE REPORT (IP=30,US) 170.106.67.37 32 RW None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=37,US) 170.106.67.55 32 RT None 2021-06-08 00:00:00 2021-09-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=55,US) 170.106.7.228 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 170.106.72.214 32 ZH None 2021-06-24 00:00:00 2021-09-22 00:00:00 None 
INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=214,US) 170.106.72.214 24 CR None 2019-06-14 00:00:00 2021-08-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt- SourceFire (IP=214,SG) | updated by RB with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=214,US) | 2020-01-03 | 2019-09-14 | updated 170.106.75.120 32 RT None 2021-08-11 00:00:00 2021-11-09 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=120,US) 170.106.75.140 32 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=140,US) 170.106.75.215 32 KH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=215,US) 170.106.76.105 32 BMP None 2021-06-04 00:00:00 2021-09-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=105,US) 170.106.76.152 32 RW None 2019-10-11 00:00:00 2021-09-13 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=152,US) | updated by KD Block was inactive. Reactivated on 20210614 with reason INDICATOR-SCAN DNSversion.bindstring information disclosure attempt(1:42785:4) - Sourc 170.106.76.152 32 KD None 2021-06-14 00:00:00 2021-09-13 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=152,US) | updated by KD Block was inactive. 
Reactivated on 20210614 with reason INDICATOR-SCAN DNSversion.bindstring information disclosure attempt(1:42785:4) - Sourc 170.106.76.163 32 GM None 2019-10-21 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=163,US) | updated by ZH Block was inactive. Reactivated on 20210601 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - S 170.106.76.163 32 ZH None 2021-06-01 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=163,US) | updated by ZH Block was inactive. Reactivated on 20210601 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - S 170.106.76.194 32 AR None 2021-06-30 00:00:00 2021-09-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=194,US) | updated by AR Block was inactive. Reactivated on 20210630 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - So 170.106.76.194 32 RW None 2019-10-11 00:00:00 2021-09-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=194,US) | updated by AR Block was inactive. Reactivated on 20210630 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - So 170.106.76.219 32 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=219,US) | updated by ZH Block was inactive. 
Reactivated on 20210713 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=219,US) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=219,US) 170.106.76.219 32 RW None 2019-10-11 00:00:00 2021-10-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=219,US) | updated by ZH Block was inactive. Reactivated on 20210713 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=219,US) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=219,US) 170.106.76.22 32 RT None 2021-05-20 00:00:00 2021-08-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=22,US) 170.106.76.27 32 BMP None 2021-07-03 00:00:00 2021-10-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=27,US) 170.106.76.4 32 AR None 2021-05-25 00:00:00 2021-08-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=4,US) | updated by AR Block was inactive. Reactivated on 20210525 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4)- Sour 170.106.76.4 32 GM None 2019-10-17 00:00:00 2021-08-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=4,US) | updated by AR Block was inactive. 
Reactivated on 20210525 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4)- Sour 170.106.76.81 32 RT None 2021-06-08 00:00:00 2021-09-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=81,US) 170.106.80.142 32 RB None 2019-10-13 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=142 US) | updated by RT Block was inactive. Reactivated on 20210527 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report 170.106.80.142 32 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=142 US) | updated by RT Block was inactive. Reactivated on 20210527 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report 170.106.80.27 32 RT None 2021-07-10 00:00:00 2021-10-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=27,US) 170.106.80.27 32 RT None 2021-07-10 00:00:00 2021-10-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=27,US) 170.106.80.86 32 AR None 2021-06-22 00:00:00 2021-09-20 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=86,US) 170.106.81.217 32 ZH None 2021-06-01 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=217,US) 170.106.81.217 32 ZH None 2021-06-01 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=217,US) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=217,US) 
170.106.81.221 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 170.106.81.231 24 BMP None 2021-05-29 00:00:00 2021-08-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=231,CN) 170.106.81.235 32 RT None 2021-09-19 00:00:00 2021-12-18 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=235,US) 170.106.81.25 32 RB None 2019-10-13 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=25 US) | updated by ZH Block was inactive. Reactivated on 20210518 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source 170.106.81.25 32 ZH None 2021-05-18 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=25 US) | updated by ZH Block was inactive. Reactivated on 20210518 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source 170.106.83.17 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SERVER-WEBAPP Java XML deserialization remote code execution attempt (1:44315:3) - SoureFire (IP=17,US) 170.106.84.100 32 RB None 2019-06-24 00:00:00 2021-09-14 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=100,US) | updated by RB with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=100,US) | 2020-01-03 | 2019-09-22 | updated 170.106.84.58 32 RW None 2019-10-15 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt- Sourcefire (IP=58,US) | updated by BMP Block was inactive. 
Case 5169 (IP=77,US) 172.67.134.127 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 172.67.136.69 32 NAB None 2021-03-03 00:00:00 2021-06-01 00:00:00 None HIVE Case #NA FP Security (IP=69,US) 172.67.151.47 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 172.67.171.65 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 172.67.180.96 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 172.67.189.54 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=54,US) 172.67.192.186 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=186,US) 172.67.198.119 32 wmp None 2020-08-03 00:00:00 2021-09-29 00:00:00 None HIVE Case #3444 COLS-NA-TIP-20-0242 (IP=119,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0838 Malicious Email Activity 172.67.199.253 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 172.67.206.76 32 NAB None 2021-05-11 00:00:00 2021-11-11 00:00:00 None HIVE Case #5422 DARKSIDE Ransomware (IP=76,US) 172.67.213.200 32 wmp None 2020-06-19 00:00:00 2021-08-24 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=200,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0750 Malicious Email Activity 172.67.215.130 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 172.67.219.138 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 172.81.116.101 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 172.81.116.115 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US 
Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 172.81.118.175 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=175,US) 172.81.212.86 24 FT None 2020-10-04 00:00:00 2021-01-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=86,CN) 172.81.248.122 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=122,CN) 172.81.248.61 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=61,CN) 172.81.99.16 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=16,JP) 172.82.152.59 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None Firepower Suspicious Scan Activity (IP=59,US) 172.86.64.19 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 172.86.70.111 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 172.86.75.84 32 dbc None 2020-08-26 00:00:00 2021-08-26 00:00:00 None NL TO-S-2020-0758 Malicious Web Application Activity 172.88.107.146 32 GM None 2021-02-24 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - Web Attacks (IP=146,US) 172.89.24.151 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=151,US) 172.93.104.250 32 wmp None 2020-09-04 00:00:00 2021-10-08 00:00:00 None HIVE Case #3755 COLS-NA-TIP-20-0278 (IP=250,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=250,US) 172.93.110.131 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 172.93.120.61 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 172.93.121.21 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 
TO-S-2021-1352 (IP=21,US) 172.93.123.7 32 dbc None 2019-08-15 00:00:00 2021-11-06 00:00:00 None US TO-S-2019-0890.01 Malicious Email Activity | updated by NAB Block was inactive. Reactivated on 20210506 with reason HIVE Case #5404 TO-S-21-1270 COLS-NA-TIP-21-0144 (IP=7,US) 172.93.194.61 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 172.93.220.159 24 GL None 2020-10-09 00:00:00 2021-01-07 00:00:00 None HIVE Case #4099 CTO 2020-282 (IP=159,JP) 172.93.49.125 32 RR None 2021-01-06 00:00:00 2021-04-06 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=125,US) 172.95.161.71 32 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None Repeated command execution attempts - multiple reports (IP=71,US) 172.96.190.154 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malware Activity 172.96.238.154 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None US TO-S-2020-0601 Malicious Web Application Activity 172.97.102.189 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Email Activity 172.97.71.177 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 172.98.195.166 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 172.98.64.135 32 RW None 2020-12-05 00:00:00 2021-03-05 00:00:00 None SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt - 6hr Failed Logon (IP=135,US) 172.98.64.135 24 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt - Web Attacks (IP=135,CA) 172.98.64.139 32 KF None 2020-01-25 00:00:00 2021-05-07 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=139,US) | updated by dbc Block was inactive. 
Reactivated on 20200507 with reason US TO-S-2020-0493 Malware Activity 172.98.82.163 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CA TO-S-2021-1007 Malware Activity 172.98.93.228 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 173.10.113.221 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=221,US) 173.10.71.57 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=57,US) 173.10.9.189 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=189,US) 173.12.182.201 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=201,US) 173.13.9.125 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=125,US) 173.160.22.249 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=249,US) 173.161.109.122 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=122,US) 173.170.72.118 32 BMP None 2021-06-08 00:00:00 2021-09-06 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=118,US) 173.175.111.128 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=128,US) 173.196.138.184 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=184,US) 173.199.136.116 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 173.199.184.24 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 173.199.232.240 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=240,US) 173.199.232.240 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=240,US) 173.201.144.128 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 173.201.146.1 32 NAB None 
2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=1,US) 173.201.253.84 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=84,US) 173.205.125.124 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malware Activity 173.208.179.82 32 NAB None 2021-03-04 00:00:00 2021-06-02 00:00:00 None HIVE Case #NA FP Security (IP=82,US) 173.208.198.3 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 173.208.251.196 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None TCP: SYN Host Sweep (IP=196,US) 173.209.51.245 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CA TO-S-2021-1007 Malicious Email Activity 173.212.193.254 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None DE TO-S-2020-0698 Malicious Email Activity 173.212.199.225 24 EE None 2021-03-12 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=225,DE) 173.212.203.15 24 BB None 2021-07-30 00:00:00 2021-10-28 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=15,DE) 173.212.203.15 24 KH None 2021-07-30 00:00:00 2021-10-28 00:00:00 None SERVER-WEBAPP Klog Server authenticate.php user command injection attempt - Web Attacks (IP=15,DE) 173.212.207.133 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None DE TO-S-2020-0805 Malicious activity 173.212.209.67 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None DE TO-S-2020-0493 Malware Activity 173.212.218.126 32 GM None 2020-03-07 00:00:00 2021-10-29 00:00:00 None Known Attack Tool User Agent / HTTP: Masscan Scanner Traffic Detected - TT# 20C02036 (IP=126,US) | updated by dbc Block was inactive. 
Reactivated on 20201029 with reason DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 173.212.221.154 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 173.212.223.48 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 173.212.223.48 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 173.212.223.48 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 173.212.225.214 32 GM None 2019-01-03 06:00:00 2021-10-29 00:00:00 None Known Attack Tool User Agent 19C00770 (IP=214,US) | updated by KF with reason Generic ArcSight scan attempt (IP=214,DE) | updated by dbc Block was inactive. Reactivated on 20201029 with reason DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Ac 173.212.232.62 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None ArcSight ESM High Attacker (IP=62,DE) 173.212.241.131 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 173.212.245.73 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 173.212.247.35 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=35,DE) 173.212.250.236 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 173.213.87.160 32 BMP None 2020-10-07 00:00:00 2021-01-07 00:00:00 None HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP-160,US) 173.213.87.38 32 GM None 2021-01-06 00:00:00 2021-04-06 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - Web Attacks (IP=38,US) 173.214.177.186 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US 
TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 173.214.187.110 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 173.216.240.56 32 srm None 2021-08-16 00:00:00 2021-11-14 00:00:00 None HIVE Case #NA Forcepoint NA Forcepoint (IP=56,US) 173.22.143.235 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=235,US) 173.225.104.68 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=68,US) 173.225.110.178 32 BMP None 2021-09-15 00:00:00 2021-12-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - WebAttacks (IP=178,US) 173.225.110.178 32 UA None 2021-09-15 00:00:00 2021-12-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=178,US) 173.225.21.34 32 wmp None 2020-08-03 00:00:00 2021-09-29 00:00:00 None HIVE Case #3444 COLS-NA-TIP-20-0242 (IP=34,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0838 Malicious Email Activity 173.230.141.80 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=80,US) 173.230.227.162 32 wmp None 2020-09-22 00:00:00 2021-10-29 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=162,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 173.231.192.43 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 173.231.196.57 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 173.231.197.108 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=108,US) 173.231.197.236 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 173.231.203.209 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 
(IP=209,US) 173.231.203.50 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=50,US) 173.231.204.54 32 BMP None 2021-05-05 00:00:00 2021-08-03 00:00:00 None BROWSER-FIREFOX Mozilla Firefox IDB use-after-free attempt (1:24572:9) - SourceFire (IP=54,US) 173.231.205.70 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 173.231.206.212 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 173.231.212.4 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=4,US) 173.231.214.43 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 173.231.223.23 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 173.231.224.10 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 173.231.244.141 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 173.231.244.168 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 173.231.63.87 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 173.232.146.83 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=83, US) 173.234.155.126 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=126,US) 173.235.63.130 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=130,US) 173.236.144.82 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 173.236.152.125 32 dbc None 
2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malware Activity 173.236.154.110 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=110,US) 173.236.154.47 32 wmp None 2020-09-15 00:00:00 2021-10-08 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=47,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=47,US) 173.236.155.241 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 173.236.169.165 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=165,US) 173.236.181.205 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 173.236.185.145 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 173.236.188.100 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=100,US) 173.236.197.34 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 173.236.225.59 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 173.236.241.162 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 173.236.242.192 32 RW None 2021-08-10 00:00:00 2021-11-08 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C02828 (IP=192,US) | updated by RW Block was inactive. 
Reactivated on 20210810 with reason Nmap Scanner Traffic Detected - FE IPS (IP=192,US) Nmap Scanner Traffic Detected - FE IPS (IP=192,US) 173.236.242.192 32 BMP None 2020-05-18 00:00:00 2021-11-08 00:00:00 None INDICATOR-COMPROMISE Microsoft Windows Terminal server RDP over non-standard port attempt - TT# 20C02828 (IP=192,US) | updated by RW Block was inactive. Reactivated on 20210810 with reason Nmap Scanner Traffic Detected - FE IPS (IP=192,US) Nmap Scanner Traffic Detected - FE IPS (IP=192,US) 173.236.246.243 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 173.237.169.84 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=84,US) 173.237.190.21 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity 173.237.190.55 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 173.239.168.34 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CA TO-S-2020-0298 Malicious Email Activity 173.239.197.108 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 173.239.197.181 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity 173.239.232.141 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 173.239.5.6 32 NAB None 2020-10-28 00:00:00 2021-01-26 00:00:00 None HIVE Case #4192 COLS-NA-TIP-20-0322 (IP=6,US) 173.242.139.177 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 173.242.96.51 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 173.244.36.38 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 173.244.36.42 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 173.247.240.222 
32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 173.247.242.103 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 173.247.243.245 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 173.247.246.8 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 173.247.252.137 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 173.247.252.17 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 173.249.0.21 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Web Application Activity 173.249.11.134 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 173.249.11.134 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 173.249.11.134 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 173.249.12.173 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Web Application Activity 173.249.15.135 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 173.249.16.129 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None DE TO-S-2020-0315 Malicious Web Application Activity 173.249.2.213 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 173.249.24.131 24 KD None 2021-09-05 00:00:00 2021-12-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=131,DE) 173.249.26.66 24 EE None 2021-03-12 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=66,DE) 
173.249.28.101 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Email Activity 173.249.3.46 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=46,DE) 173.249.30.78 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 173.249.31.29 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 173.249.32.85 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 173.249.34.254 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 173.249.37.213 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 173.249.4.240 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=240,DE) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=240,DE) 173.249.45.143 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 173.249.46.215 24 KH None 2021-07-19 00:00:00 2021-10-17 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6 hr Web Attacks (IP=215,DE) 173.249.49.237 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=237, US) 173.249.49.68 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity 173.249.5.248 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=248,DE) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=248,DE) 173.249.51.194 32 CW 
None 2020-02-01 00:00:00 2021-10-29 00:00:00 None Immediate Inbound Network Block - TT# 20C01571 (IP=94,DE) | updated by KF Block expiration extended with reason Known Attack Tool User Agent - TT# 20C02251 (IP=194,US) | updated by dbc Block was inactive. Reactivated on 20201029 with reason DE Hive C 173.249.53.59 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None DE TO-S-2020-0535 Malware Activity 173.249.55.26 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=26,DE) 173.249.57.206 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity 173.249.60.159 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 173.249.63.33 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=33,DE) 173.254.109.132 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 173.254.124.251 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 173.254.124.86 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 173.254.28.118 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 173.254.28.171 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 173.254.28.213 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=213,US) 173.254.28.25 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 173.254.28.69 32 NAB None 2021-01-08 00:00:00 2021-04-08 00:00:00 None HIVE Case #NA FP Security (IP=69,US) 173.254.28.82 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 173.254.41.31 32 dbc 
176.123.228.187 24 RW None 2021-02-09 00:00:00 2021-05-09 00:00:00 None Authentication Failure - 6 hr failed logons (IP=187,KG) 176.123.60.152 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Email Activity 176.129.85.128 24 RW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-OTHER Hashicorp Consul services API remote code execution attempt - SourceFire (IP=128,FR) 176.140.198.203 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity 176.145.70.10 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SQL injection - Web Attacks (IP=10,FR) 176.149.213.20 24 BMP None 2021-08-13 00:00:00 2021-11-11 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=20,FR) 176.153.38.92 24 ZH None 2021-09-14 00:00:00 2021-12-13 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=92,FR) 176.155.197.153 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malicious Email Activity 176.156.14.94 24 EE None 2020-11-27 00:00:00 2021-02-27 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=94,FR) 176.168.181.237 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 176.17.21.107 24 EE None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attack (IP=107,SA) 176.175.138.164 24 AR None 2021-06-14 00:00:00 2021-09-12 00:00:00 None SERVER-WEBAPP Terramaster TOS command injection attempt - 6HR WEB ATTACK (IP=164,FR) 176.19.208.87 24 EE None 2021-01-31 00:00:00 2021-04-30 00:00:00 None SQL injection - 6 HR Web Attack (IP=87,SA) 176.19.227.44 24 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SQL injection - 6hr web attacks (IP=44,SA) 176.193.108.143 24 RB None 2021-04-08 00:00:00 2021-07-07 00:00:00 None FTP Login 
Failed - 6hr failed logons (IP=143,RU) 176.196.243.70 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=70,RU) 176.207.4.172 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity 176.216.236.151 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TR TO-S-2020-0298 Malicious Email Activity 176.218.123.176 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 176.218.188.76 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TR TO-S-2020-0298 Malicious Email Activity 176.218.207.243 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 176.221.0.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 176.221.220.14 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=14,GE) 176.221.220.216 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=216,GE) 176.221.240.238 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 176.221.242.18 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=18,GE) 176.221.242.206 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=206,GE) 176.221.36.10 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None PT TO-S-2020-0459 Malware Activity 176.223.120.0 21 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None RO TO-S-2020-0535 Malware Activity 176.223.128.0 20 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None LT TO-S-2020-0592 Malicious Email Activity 176.223.165.206 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None DE TO-S-2020-0315 Malware Activity 176.223.96.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 
00:00:00 None RO TO-S-2020-0303 Malicious Email Activity 176.224.176.18 24 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=18,SA) 176.225.119.27 24 EE None 2021-03-15 00:00:00 2021-06-24 00:00:00 None SQL injection - Web Attack (IP=27,SA) | updated by BMP Block expiration extended with reason SQL injection - 6hr Web Attacks (IP=27,SA) 176.27.32.212 24 BMP None 2021-02-02 00:00:00 2021-05-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=212,GB) 176.28.64.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 176.31.46.240 24 EE None 2020-12-23 00:00:00 2021-03-23 00:00:00 None SSH2 Failed Login Attempt - 6 HR FAILED LOGONS (IP=240,FR) 176.32.151.180 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=180,RU) 176.32.34.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None RU TO-S-2020-0322 Malware Activity 176.32.8.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None UA TO-S-2020-0298 Malicious Email Activity 176.33.95.131 24 EE None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=131,TU) | updated by RW Block expiration extended with reason INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=131,TR) 176.35.59.61 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 176.37.53.80 24 RR None 2021-05-22 00:00:00 2021-08-20 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=80,UA) 176.42.120.0 21 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None TR TO-S-2021-0876 Hive Case 4166 Malware Activity 176.43.38.82 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None TR TO-S-2020-0369 Malicious Email Activity 176.53.86.208 24 EE None 2021-02-07 00:00:00 2021-05-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 HR Web Attacks (IP=208,TR) 176.57.120.131 32 dbc None 
2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity 176.57.126.83 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity 176.58.104.222 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malware Activity 176.58.106.131 24 WR None 2021-05-26 00:00:00 2021-08-24 00:00:00 None Intrusion Event Record - TT# 176.58.108.160 32 wmp None 2021-04-15 00:00:00 2021-07-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=160,GB) 176.58.109.238 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malware Activity 176.58.113.142 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 176.58.115.180 32 wmp None 2021-06-15 00:00:00 2021-09-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=180,GB) 176.58.124.134 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 176.58.125.216 24 FT None 2020-11-01 00:00:00 2021-02-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=216,GB) 176.58.151.165 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None GR TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 176.58.19.26 24 BMP None 2021-06-24 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=26,PL) 176.58.96.156 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 176.62.165.57 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=57,BE) 176.62.173.239 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 176.67.108.77 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None 
Firepower Suspicious Scan Activity (IP=77,PS) 176.67.192.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RS TO-S-2020-0331 Malicious Web Application Activity 176.67.85.31 32 GM None 2021-01-07 00:00:00 2021-04-07 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - Web Attacks (IP=31,US) 176.67.85.31 24 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=31,NL) 176.67.86.139 32 wmp None 2021-01-19 00:00:00 2021-04-19 00:00:00 None Suspicious Scan Activity (IP=139,NL) 176.77.204.85 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None HU TO-S-2020-0298 Malicious Email Activity 176.88.132.245 24 GM None 2020-10-15 00:00:00 2021-01-15 00:00:00 None Phish.URL.Emotet - Case # 4037 (IP=245,TR) 176.9.1.166 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None DE TO-S-2020-0315 Malicious Email Activity 176.9.116.91 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 176.9.116.91 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 176.9.116.91 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 176.9.116.91 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 176.9.150.37 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None DE TO-S-2020-0228 Malicious Web Application Activity 176.9.199.7 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None DE TO-S-2021-0949 Hive Case 4363 Malicious Email Activity 176.9.45.34 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 176.9.45.35 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 176.96.225.96 24 DT None 2021-08-04 00:00:00 2021-11-02 00:00:00 None 
INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=96,UA) 176.97.169.13 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 176.98.159.20 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity 176.98.16.43 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity 176.99.138.154 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 177.101.148.40 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=40,BR) 177.103.232.152 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 177.11.71.135 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=135,BR) 177.124.216.106 24 FT None 2020-11-01 00:00:00 2021-02-01 00:00:00 None SERVER-WEBAPP Tomato router web interface bruteforce scan attempt (1:52827:1) - SourceFire (IP=106,BR) 177.125.60.23 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=23,BR) 177.126.95.180 24 WR None 2021-05-27 00:00:00 2021-08-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - SourceFire (IP=180,BR) 177.134.173.53 24 BMP None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=53,BR) 177.143.141.235 24 BMP None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=235,BR) 177.154.28.0 22 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,BR) 177.185.107.172 24 RR None 2021-08-30 00:00:00 2021-11-28 00:00:00 None Command Injection - Automated Block Calculations (IP=172,BR) 177.19.86.44 24 RR None 2020-11-16 00:00:00 2021-02-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution 
attempt - SourceFire (IP=44,BR) 177.194.249.80 24 RR None 2020-11-25 00:00:00 2021-02-23 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=80,BR) 177.200.163.118 32 srm None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Firepower Suspicious Scan Activity (IP=118,BR) 177.200.178.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,BR) 177.200.219.170 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=170,BR) 177.200.223.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,BR) 177.206.211.146 24 RR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=146,BR) 177.207.65.214 24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web attacks (IP=214,BR) 177.22.121.134 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 177.22.248.120 24 RW None 2021-01-21 00:00:00 2021-04-21 00:00:00 None Authentication Failure - 6 hr failed logons (IP=120,BR) 177.22.81.0 24 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,BR) 177.23.184.0 21 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=0,BR) 177.231.253.46 24 BMP None 2021-02-16 00:00:00 2021-05-16 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=46,MX) | updated by RW Block expiration extended with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=46,MX) 177.234.144.0 20 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,BR) 177.36.181.54 24 SW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=54,BR) 177.38.96.0 21 NAB 
None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,BR) 177.39.196.24 24 KH None 2021-07-21 00:00:00 2021-10-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=24,BR) 177.39.74.233 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=233,BR) 177.42.167.169 24 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=169,BR) 177.42.167.169 24 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=169 BR) 177.42.167.169 24 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=169,BR) 177.42.167.169 24 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=169 BR) 177.44.192.0 20 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 177.52.192.0 21 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,BR) 177.52.77.88 24 KH None 2021-09-04 00:00:00 2021-12-03 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=88,BR) 177.64.253.234 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=234,BR) 177.66.10.211 24 RB None 2021-06-19 00:00:00 2021-09-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=211,BR) 177.70.33.5 24 RT None 2021-05-20 00:00:00 2021-08-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 hr web attacks (IP=5,BR) 177.70.98.153 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=153,BR) 177.72.254.121 32 RW None 2021-07-18 00:00:00 2021-12-02 
00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 Hr Web Attack (IP=121,BR) | updated by AR Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT #21C01747 (IP=121,US) 177.8.160.0 20 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None BR TO-S-2021-0949 Hive Case 4363 Malware Activity 177.84.109.114 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=114,BR) 177.84.128.0 22 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 177.96.167.148 24 RR None 2020-10-28 00:00:00 2021-01-26 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=148,BR) 178.118.120.191 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BE TO-S-2020-0303 Malicious Email Activity 178.128.1.217 32 GM None 2021-01-02 00:00:00 2021-04-02 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=217,US) 178.128.1.217 32 GM None 2021-01-02 00:00:00 2021-04-02 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=217,US) 178.128.101.187 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=187,SG) 178.128.101.58 24 RR None 2021-05-22 00:00:00 2021-08-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=58,SG) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=58,SG) SERVER-WEBAPP PHPUnit PHP remote 178.128.101.58 24 RB None 2021-05-16 00:00:00 2021-08-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=58,SG) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=58,SG) SERVER-WEBAPP PHPUnit PHP remote 178.128.101.58 24 RB None 2021-05-16 00:00:00 
2021-08-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=58,SG) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=58,SG) SERVER-WEBAPP PHPUnit PHP remote 178.128.105.98 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None SG Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 178.128.105.98 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None SG Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 178.128.105.98 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None SG Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 178.128.106.249 24 BMP None 2021-04-10 00:00:00 2021-07-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=249,SG) 178.128.107.60 24 BMP None 2021-06-22 00:00:00 2021-09-20 00:00:00 None SERVER-WEBAPP VMWare vSphere Client remote code execution attempt (1:57720:1) - SourceFire (IP=60,SG) 178.128.112.200 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 178.128.116.253 24 DT None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=253,SG) 178.128.118.236 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=236,SG) 178.128.119.73 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=73,SG) 178.128.14.171 32 GM None 2021-01-02 00:00:00 2021-04-02 00:00:00 None SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt - Web Attacks (IP=171,US) 178.128.14.213 32 GM None 2021-01-03 00:00:00 2021-04-03 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=213,US) 178.128.14.92 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 178.128.144.165 16 AR None 2021-09-10 
00:00:00 2021-12-09 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=165,US) 178.128.144.174 32 BB None 2021-09-02 00:00:00 2021-12-01 00:00:00 None Command Injection - ABC Report(IP=174,US) 178.128.145.0 32 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=0,US) 178.128.145.22 32 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SQL injection - 6hr Web Attacks (IP=22,US) 178.128.145.236 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 178.128.146.87 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 178.128.149.166 32 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SQL injection - 6hr Web Attacks (IP=166,US) 178.128.149.184 32 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SQL injection - 6hr Web Attacks (IP=184,US) 178.128.15.221 24 RW None 2021-04-19 00:00:00 2021-07-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=221,US) | Unblocked - INC000008317660 EasyPower is used by USACE for electrical analysis and design 178.128.152.230 32 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - 6hr Web Attacks (IP=230,US) 178.128.152.32 32 BMP None 2021-06-25 00:00:00 2021-09-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=32,US) 178.128.153.112 32 wmp None 2021-02-17 00:00:00 2021-05-17 00:00:00 None Imperva Distributed Nuclei Scanner (IP=112,US) 178.128.154.23 32 RW None 2021-06-16 00:00:00 2021-09-15 00:00:00 None Nuclei Vulnerability Scanner - Fireeye IPS (IP=23,US) 178.128.155.105 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity 178.128.155.32 32 GM None 2021-04-22 00:00:00 2021-07-22 00:00:00 None HTTP SQL Injection Attempt - Web 
Attacks (IP=32,US) | updated by wmp Block expiration extended with reason Palo Alto Suspicious Scan Activity (IP=32,US) 178.128.156.176 32 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SQL injection - 6hr Web Attacks (IP=176,US) 178.128.156.41 32 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SQL injection - 6hr Web Attacks (IP=41,US) 178.128.171.76 24 FT None 2020-10-04 00:00:00 2021-01-04 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=76,GB) 178.128.174.19 24 EE None 2021-03-15 00:00:00 2021-09-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=19,GB) | updated by KD Block was inactive. Reactivated on 20210614 with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=19,GB) 178.128.176.122 32 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) Web Attack (IP=122,US) 178.128.178.244 32 RB None 2018-10-25 05:00:00 2021-02-20 00:00:00 None SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt (IP=244 US) | updated by dbc Block was inactive. 
Reactivated on 20200220 with reason US TO-S-2020-0303 Malicious Email Activity 178.128.179.41 32 GM None 2021-01-03 00:00:00 2021-04-03 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=41,US) 178.128.180.114 32 GM None 2021-01-02 00:00:00 2021-04-02 00:00:00 None SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt - Web Attacks (IP=114,US) 178.128.184.24 32 RW None 2021-01-03 00:00:00 2021-04-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=24,US) 178.128.188.163 32 GM None 2021-01-02 00:00:00 2021-04-02 00:00:00 None SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt - Web Attacks (IP=163,US) 178.128.188.237 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 178.128.190.243 32 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=243,US) 178.128.192.11 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=11,DE) 178.128.193.25 24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None SQL injection - Web attacks (IP=25,DE) 178.128.196.211 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=211,DE) 178.128.197.17 24 RB None 2021-05-10 00:00:00 2021-08-08 00:00:00 None SQL injection - 6hr web attacks (IP=17,DE) 178.128.198.235 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr failed logons (IP=235,DE) 178.128.199.90 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6hr web attacks (IP=90,DE) 178.128.2.107 32 GM None 2020-11-05 00:00:00 2021-02-05 00:00:00 None Nuclei Vulnerability Scanner other HTTP - FireEye CMS (IP=107,US) 178.128.203.31 24 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=31,DE) 
178.128.204.130 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - 6hr web attacks (IP=130,DE) 178.128.205.216 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 178.128.206.112 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=112,DE) 178.128.206.34 24 BMP None 2021-08-16 00:00:00 2021-11-14 00:00:00 None ReputationDV Malware Event - TT# 21C01554 (IP=34,DE) 178.128.207.56 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=56,DE) 178.128.208.77 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks(IP=77,SG) 178.128.209.120 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=120,SG) 178.128.212.173 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 178.128.212.95 32 srm None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Firepower Suspicious Scan Activity (IP=95,SG) 178.128.215.95 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 178.128.220.175 24 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=175,SG) 178.128.229.81 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None CA TO-S-2020-0459 Malware Activity 178.128.229.81 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None CA TO-S-2020-0459 Malware Activity 178.128.23.143 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 178.128.232.144 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.128.232.228 24 RR None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 
2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=59,AL) 178.175.61.103 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=103,AL) 178.175.61.117 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=117,AL) 178.175.61.143 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=143,AL) 178.175.61.28 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=28,AL) 178.175.62.132 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=132,AL) 178.175.62.201 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=201,AL) 178.175.62.34 32 wmp None 2021-04-20 00:00:00 2021-07-20 00:00:00 None Palo Alto Suspicious Scan Activity (IP=34,AL) 178.175.63.205 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None Palo Alto Suspicious Scan Activity (IP=205,AL) 178.175.64.226 32 wmp None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Palo Alto Suspicious Scan Activity (IP=226,AL) 178.175.64.72 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=72,AL) 178.175.65.115 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=115,AL) 178.175.65.233 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=233,AL) 178.175.65.5 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=5,AL) 178.175.66.16 32 wmp None 2021-04-27 00:00:00 2021-07-27 00:00:00 None Palo Alto Suspicious Scan Activity (IP=16,AL) 178.175.66.186 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=186,AL) 178.175.66.211 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=211,AL) 178.175.66.250 32 srm None 2021-02-05 
00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=250,AL) 178.175.67.185 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=185,AL) 178.175.67.186 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=186,AL) 178.175.67.201 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=201,AL) 178.175.67.26 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=26,AL) 178.175.67.8 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=8,AL) 178.175.68.166 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=166,AL) 178.175.68.17 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=17,AL) 178.175.68.171 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=171,AL) 178.175.68.180 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=180,AL) 178.175.68.246 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=246,AL) 178.175.68.52 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=52,AL) 178.175.69.112 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=112,AL) 178.175.69.173 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None Palo Alto Suspicious Scan Activity (IP=173,AL) 178.175.69.176 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=176,AL) 178.175.7.107 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=107,AL) 178.175.7.109 32 wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None Palo Alto Suspicious Scan Activity (IP=109,AL) 178.175.7.169 32 srm None 
2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=169,AL) 178.175.7.191 32 wmp None 2021-04-26 00:00:00 2021-07-26 00:00:00 None Palo Alto Suspicious Scan Activity (IP=191,AL) 178.175.7.198 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=198,AL) 178.175.7.98 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=98,AL) 178.175.70.163 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=163,AL) 178.175.70.165 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=165,AL) 178.175.70.167 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=167,AL) 178.175.70.177 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=177,AL) 178.175.71.69 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=69,AL) 178.175.71.85 32 wmp None 2021-06-03 00:00:00 2021-09-03 00:00:00 None Palo Alto Suspicious Scan Activity (IP=85,AL) 178.175.72.111 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=111,AL) 178.175.72.133 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=133,AL) 178.175.72.208 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=208,AL) 178.175.72.220 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=220,AL) 178.175.72.41 32 wmp None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Palo Alto Suspicious Scan Activity (IP=41,AL) 178.175.73.140 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=140,AL) 178.175.73.153 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=153,AL) 178.175.73.238 32 
srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=238,AL) 178.175.74.238 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=238,AL) 178.175.75.156 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=156,AL) 178.175.75.181 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=181,AL) 178.175.75.19 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=19,AL) 178.175.75.214 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=214,AL) 178.175.75.237 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=237,AL) 178.175.76.143 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=143,AL) 178.175.76.167 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=167,AL) 178.175.76.213 32 wmp None 2021-05-05 00:00:00 2021-08-05 00:00:00 None Palo Alto Suspicious Scan Activity (IP=213,AL) 178.175.76.221 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=221,AL) 178.175.77.11 32 wmp None 2021-04-29 00:00:00 2021-07-29 00:00:00 None Palo Alto Suspicious Scan Activity (IP=11,AL) 178.175.78.118 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=118,AL) 178.175.78.243 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=243,AL) 178.175.78.247 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=247,AL) 178.175.78.250 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=250,AL) 178.175.78.37 32 wmp None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Palo Alto Suspicious Scan Activity (IP=37,AL) 
178.175.78.93 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=93,AL) 178.175.8.111 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=111,AL) 178.175.8.119 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=119,AL) 178.175.8.200 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=200,AL) 178.175.8.72 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=72,AL) 178.175.80.136 32 wmp None 2021-03-25 00:00:00 2021-06-25 00:00:00 None Palo Alto Suspicious Scan Activity (IP=136,AL) 178.175.80.142 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=142,AL) 178.175.80.185 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=185,AL) 178.175.80.216 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=216,AL) 178.175.80.221 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=221,AL) 178.175.81.144 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=144,AL) 178.175.81.147 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=147,AL) 178.175.81.15 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=15,AL) 178.175.81.189 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=189,AL) 178.175.81.253 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=253,AL) 178.175.82.253 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=253,AL) 178.175.83.125 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan 
Activity (IP=125,AL) 178.175.83.127 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=127,AL) 178.175.83.4 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=4,AL) 178.175.84.201 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=201,AL) 178.175.84.233 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=233,AL) 178.175.84.237 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=237,AL) 178.175.85.138 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=138,AL) 178.175.85.167 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=167,AL) 178.175.85.213 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=213,AL) 178.175.85.54 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=54,AL) 178.175.86.18 32 wmp None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Palo Alto Suspicious Scan Activity (IP=18,AL) 178.175.87.146 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=146,AL) 178.175.87.180 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=180,AL) 178.175.87.202 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=202,AL) 178.175.87.77 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=77,AL) 178.175.88.102 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=102,AL) 178.175.88.148 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=148,AL) 178.175.88.159 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious 
Scan Activity (IP=159,AL) 178.175.88.222 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=222,AL) 178.175.88.86 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=86,AL) 178.175.89.11 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=11,AL) 178.175.9.132 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=132,AL) 178.175.9.217 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=217,AL) 178.175.9.223 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=223,AL) 178.175.9.92 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None Palo Alto Suspicious Scan Activity (IP=92,AL) 178.175.9.95 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=95,AL) 178.175.90.194 32 wmp None 2021-04-26 00:00:00 2021-07-26 00:00:00 None Palo Alto Suspicious Scan Activity (IP=194,AL) 178.175.90.3 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=3,AL) 178.175.90.81 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=81,AL) 178.175.90.90 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=90,AL) 178.175.91.122 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=122,AL) 178.175.91.178 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=178,AL) 178.175.91.243 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=243,AL) 178.175.91.3 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=3,AL) 178.175.92.236 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious 
Scan Activity (IP=236,AL) 178.175.92.45 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=45,AL) 178.175.93.112 32 wmp None 2021-05-11 00:00:00 2021-08-11 00:00:00 None Palo Alto Suspicious Scan Activity (IP=112,AL) 178.175.94.192 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=192,AL) 178.175.94.204 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=204,AL) 178.175.95.101 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=101,AL) 178.175.95.158 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=158,AL) 178.175.95.253 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks(IP=253, AL) 178.175.96.177 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=177,AL) 178.175.97.105 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=105,AL) 178.175.97.182 32 wmp None 2021-04-20 00:00:00 2021-07-20 00:00:00 None Palo Alto Suspicious Scan Activity (IP=182,AL) 178.175.97.183 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=183,AL) 178.175.97.225 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=225,AL) 178.175.97.248 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=248,AL) 178.175.97.33 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=33,AL) 178.175.97.88 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=88,AL) 178.175.98.228 32 wmp None 2021-04-26 00:00:00 2021-07-26 00:00:00 None Palo Alto Suspicious Scan Activity (IP=228,AL) 178.175.98.86 32 srm None 
2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=86,AL) 178.175.99.120 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=120,AL) 178.175.99.202 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=202,AL) 178.176.152.30 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 178.176.194.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.176.202.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.176.216.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU) 178.176.40.0 21 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None RU TO-S-2020-0838 Malware Activity 178.18.193.159 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None TR TO-S-2020-0805 Malicious Email Activity 178.18.96.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 178.184.227.119 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=119,RU) 178.193.128.220 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CH TO-S-2020-0331 Malicious Web Application Activity 178.196.70.89 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CH TO-S-2020-0331 Malicious Web Application Activity 178.20.208.88 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Web Application Activity 178.20.225.66 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None TR TO-S-2020-0236 Malicious Email Activity 178.205.135.130 24 EE None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 HR Web Attack (IP=130,RU) 178.21.205.138 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 
None IT TO-S-2020-0298 Malicious Email Activity 178.210.171.15 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None TR HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity 178.211.49.37 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None TR TO-S-2021-1007 Malicious Email Activity 178.212.128.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.214.224.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 178.214.255.107 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=107,RU) 178.215.150.123 24 DT None 2021-06-21 00:00:00 2021-09-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=123,RU) 178.215.71.10 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 178.216.24.44 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.216.24.51 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.216.26.171 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.217.186.71 24 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=71,PL) 178.217.8.194 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=194,RS) 178.218.165.52 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=52,HR) 178.218.165.76 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 178.219.28.123 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Email Activity 
178.22.173.142 24 AR None 2021-09-28 00:00:00 2021-12-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6Hr Failed Logons (IP=142,KZ) 178.22.48.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 178.233.96.226 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=226,TR) 178.236.240.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Command and Control Exploit 178.237.38.28 24 GED None 2020-12-07 00:00:00 2021-03-07 00:00:00 None HIVE Case #NA FP CIO Policy (IP=28,NL) 178.238.112.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Command and Control Exploit 178.238.16.0 20 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=0,RU) 178.238.232.46 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malware Activity 178.238.235.178 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=178,DE) 178.238.235.76 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=76,DE) 178.238.236.62 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None DE TO-S-2021-1007 Malicious Email Activity 178.238.37.219 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None CZ TO-S-2020-0698 Malicious Email Activity 178.238.47.108 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CZ TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 178.238.8.20 24 BB None 2021-06-15 00:00:00 2021-09-14 00:00:00 None Self Report / ColdFusion Error reporting - TT# 21C01298 (IP=20,UK) 178.238.8.227 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 
TO-S-2021-0898 Malicious Reconnaissance Activity 178.238.8.64 24 KD None 2021-06-28 00:00:00 2021-09-27 00:00:00 None Self Report / ColdFusion (3): Host Sweep TT# 21C01378 (IP=64,GB) 178.239.113.42 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BG TO-S-2020-0303 Malicious Email Activity 178.239.166.182 24 GM None 2020-11-01 00:00:00 2021-02-01 00:00:00 None HTTP: SQL Injection - Exploit III - Web Attacks (IP=182,GB) 178.239.56.97 24 SW None 2021-09-13 00:00:00 2021-12-12 00:00:00 None Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01840 (IP=97,CH) 178.246.25.238 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 178.250.157.18 24 RB None 2021-03-24 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability- 6hr web attack (IP=18,RU) | updated by RW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=18,RU) 178.250.158.51 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=51,RU) 178.250.54.208 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None GB TO-S-2021-0876 Hive Case 4166 Malware Activity 178.251.242.231 24 EE None 2021-02-11 00:00:00 2021-05-11 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - 6 HR Web Attacks (IP=231,SE) 178.253.94.23 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None SSLv2 Client Hello Request Detected - FE IPS (IP=23,SY) 178.254.18.94 24 GLM None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=94,DE) 178.254.7.34 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 178.26.125.202 32 wmp None 2021-06-03 00:00:00 2021-09-03 00:00:00 None Palo Alto 
Suspicious Scan Activity (IP=202,DE) 178.32.106.81 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=81,FR) 178.32.15.8 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.32.190.8 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=8,FR) 178.32.197.84 24 GM None 2020-11-20 00:00:00 2021-02-20 00:00:00 None FTP Login Failed - Web Attacks (IP=84,FR) 178.32.49.166 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=166,GB) 178.33.115.92 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=92,ES) 178.33.167.120 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malware Activity 178.33.220.55 24 RR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SERVER-WEBAPP Drupal unsafe internal attribute remote code execution attempt - Web Attacks (IP=55,FR) 178.33.35.232 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None FR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 178.33.41.47 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None FR TO-S-2020-0698 Malicious Email Activity 178.33.44.117 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None FR TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 178.33.52.5 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None PL TO-S-2020-0459 Malware Activity 178.34.152.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 178.41.183.40 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None SK TO-S-2020-0331 Malicious Web Application Activity 178.45.215.142 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=142,RU) 
178.48.133.54 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.57.192.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.60.60.165 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=165,ES) 178.60.60.165 24 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=165,ES) 178.62.10.75 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity 178.62.109.59 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability TT# 21C00958 - TT# 21C00963 (IP=59,GB) 178.62.115.86 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=86,GB) 178.62.117.213 24 RR None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=213,GB) 178.62.163.178 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 178.62.181.73 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malware Activity 178.62.19.234 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=234,GB) 178.62.19.66 32 NAB None 2020-10-30 00:00:00 2021-11-19 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=66,GB) | updated by dbc Block expiration extended with reason GB TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 178.62.201.170 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 178.62.202.154 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=154,NL) 
178.62.205.227 24 RB None 2021-01-09 00:00:00 2021-04-11 00:00:00 None Suspicious Scan Activity - Hive Case #4744 (IP=227,NL) | updated by BMP Block expiration extended with reason Backdoor.TROCHILUS - Hive Case 4744 (IP=227,NL) 178.62.219.252 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=252,NL) 178.62.221.172 24 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=172,NL) 178.62.238.147 24 BMP None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Command Injection (IP=147,NL) 178.62.241.207 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 178.62.250.110 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=110,NL) 178.62.253.15 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None SQL injection - 6 hr Web Attacks (IP=15,NL) 178.62.35.96 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=96,GB) 178.62.41.77 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.62.45.102 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 178.62.49.130 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=130,GB) 178.62.55.152 24 RR None 2021-06-12 00:00:00 2021-09-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=152,GB) 178.62.55.19 24 GM None 2020-11-20 
00:00:00 2021-02-20 00:00:00 None Masscan TCP Port Scanner - FireEye CMS (IP=19,GB) 178.62.6.86 24 AR None 2021-09-30 00:00:00 2021-12-29 00:00:00 None SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt (1:40451:2) - SourceFire (IP=86,GB) 178.62.63.68 24 FT None 2021-04-06 00:00:00 2021-07-05 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=68,GB) 178.62.66.136 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=136,GB) 178.62.68.153 24 RW None 2020-06-29 00:00:00 2021-09-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=153,UK) | updated by BMP Block expiration extended with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt 178.62.76.43 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=43,GB) 178.62.76.96 24 AR None 2021-07-10 00:00:00 2021-10-08 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 Hr Web Attack (IP=96,GB) 178.62.78.170 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=170,GB) 178.62.80.38 24 RB None 2021-01-09 00:00:00 2021-04-11 00:00:00 None Suspicious Scan Activity - Hive Case #4744 (IP=38,GB) | updated by BMP Block expiration extended with reason Backdoor.TROCHILUS - Hive Case 4744 (IP=38,GB) 178.62.9.117 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.62.9.12 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.62.9.176 24 EE None 2021-04-12 00:00:00 2021-07-11 00:00:00 None INDICATOR-SCAN DNS version.bind string 
information disclosure attempt (1:42785:4) - Sourcefire (IP=176,GB) 178.62.91.137 24 BMP None 2021-01-11 00:00:00 2021-04-11 00:00:00 None Backdoor.TROCHILUS - Hive Case 4744 (IP=137,GB) 178.62.91.137 24 RB None 2021-01-09 00:00:00 2021-04-09 00:00:00 None Suspicious Scan Activity - Hive Case #4744 (IP=137,GB) 178.62.92.48 32 wmp None 2021-06-29 00:00:00 2021-09-29 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=48,GB) 178.62.96.199 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity 178.63.229.185 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None DE TO-S-2020-0315 Malicious Email Activity 178.63.23.207 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 178.72.68.17 32 wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None Palo Alto Suspicious Scan Activity (IP=17,RU) 178.72.68.181 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=181,RU) 178.72.68.20 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=20,RU) 178.72.68.230 24 KH None 2021-07-22 00:00:00 2021-10-20 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=230,RU) 178.72.68.31 32 wmp None 2021-04-26 00:00:00 2021-07-26 00:00:00 None Palo Alto Suspicious Scan Activity (IP=31,RU) 178.72.68.5 32 wmp None 2021-04-27 00:00:00 2021-07-27 00:00:00 None Palo Alto Suspicious Scan Activity (IP=5,RU) 178.72.68.51 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=51,RU) 178.72.68.7 32 srm None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Firepower Suspicious Scan Activity (IP=7,RU) 178.72.68.93 24 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=93,RU) 178.72.69.210 24 GM None 2020-11-22 00:00:00 2021-02-22 00:00:00 None Generic URI Injection wget Attempt - FireEye (IP=210,RU) 178.72.69.230 32 
wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None Palo Alto Suspicious Scan Activity (IP=230,RU) 178.72.70.188 24 GM None 2020-12-19 00:00:00 2021-03-19 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=188,RU) 178.72.70.205 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None Generic URI Injection wget Attempt - Sourcefire (IP=205,RU) 178.72.70.220 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None Palo Alto Suspicious Scan Activity (IP=220,RU) 178.72.71.1 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=1,RU) 178.72.71.214 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=214,RU) 178.72.73.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.72.75.236 24 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=236,RU) 178.72.76.109 32 wmp None 2021-04-28 00:00:00 2021-07-28 00:00:00 None Palo Alto Suspicious Scan Activity (IP=109,RU) 178.72.76.129 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=129,RU) 178.72.76.135 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=135,RU) 178.72.76.140 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=140,RU) 178.72.76.171 32 wmp None 2021-02-12 00:00:00 2021-05-12 00:00:00 None ArcSight High Attacker (IP=171,RU) 178.72.76.203 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=203,RU) 178.72.76.97 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=97,RU) 178.72.77.137 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=137,RU) 178.72.77.153 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower 
Suspicious Scan Activity (IP=153,RU) 178.72.77.27 32 wmp None 2021-03-25 00:00:00 2021-06-25 00:00:00 None Palo Alto Suspicious Scan Activity (IP=27,RU) 178.72.77.54 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None Generic URI Injection wget Attempt - Sourcefire (IP=54,RU) 178.72.78.149 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=149,RU) 178.72.78.173 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=173,RU) 178.72.78.177 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=177,RU) 178.72.78.199 32 wmp None 2021-05-11 00:00:00 2021-08-11 00:00:00 None Palo Alto Suspicious Scan Activity (IP=199,RU) 178.72.78.219 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=219,RU) 178.72.78.235 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=235,RU) 178.72.78.85 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=85,RU) 178.72.91.172 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=172,RU) 178.73.215.171 32 wmp None 2021-04-27 00:00:00 2021-07-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=171,SE) 178.76.142.36 24 JKC None 2021-09-22 00:00:00 2021-12-21 00:00:00 None HIVE Case #NA AC hunter Excessive TCP attacks (IP=36,DE) 178.77.228.168 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CZ TO-S-2020-0331 Malicious Web Application Activity 178.77.73.62 32 RW None 2021-07-18 00:00:00 2021-10-16 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6 Hr Web Attack (IP=62,FR) 178.79.128.152 24 EE None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=152,GB) | updated by RW Block expiration 
extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=152,U 178.79.128.152 24 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=152,GB) | updated by RW Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=152,U 178.79.129.208 24 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=208,UK) 178.79.129.218 32 wmp None 2021-03-11 00:00:00 2021-06-11 00:00:00 None ArcSight High Attacker (IP=218,GB) 178.79.131.159 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=159,GB) 178.79.139.96 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=96,GB) 178.79.142.204 32 wmp None 2021-03-11 00:00:00 2021-12-05 00:00:00 None ArcSight High Attacker (IP=204,GB) | updated by SW Block was inactive. 
Reactivated on 20210906 with reason ReputationDV Malware Event TT# 21C01758 (IP=204,US) 178.79.152.119 32 wmp None 2021-06-15 00:00:00 2021-09-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=119,GB) 178.79.152.21 24 BMP None 2021-07-04 00:00:00 2021-10-02 00:00:00 None Artica Web Proxy SQL Injection Vulnerability - 6hr Web Attacks (IP=21,GB) 178.79.165.230 24 DT None 2021-08-04 00:00:00 2021-11-02 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Source Fire (IP=230,GB) 178.79.169.92 32 wmp None 2021-03-11 00:00:00 2021-06-11 00:00:00 None ArcSight High Attacker (IP=92,GB) 178.79.172.231 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 178.79.174.198 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=198,GB) 178.79.178.246 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=246,GB) 178.79.181.175 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None GB TO-S-2020-0228 Malicious Web Application Activity 178.79.227.167 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None AT TO-S-2020-0236 Malicious Email Activity 178.84.117.59 24 BMP None 2021-06-04 00:00:00 2021-09-02 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=59,NL) 178.87.144.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SA Hive Case 4187 TO-S-2021-0898 Malware Activity 178.88.11.90 24 EE None 2021-04-22 00:00:00 2021-07-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=90,KZ ) 178.89.16.224 24 ZH None 2021-07-17 00:00:00 2021-10-15 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire Rpt (IP=224,KZ) 178.91.102.66 24 BB None 2021-07-31 00:00:00 2021-10-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt 
(1:19559:13) - SourceFire (IP=66,KZ) 178.91.198.222 24 RW None 2020-10-04 00:00:00 2021-01-04 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=222,KZ) 178.91.97.226 24 RR None 2021-05-24 00:00:00 2021-08-22 00:00:00 None FTP Login Failed - Failed Logons (IP=226,KZ) 178.95.65.1 24 KH None 2021-07-16 00:00:00 2021-10-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=1,UA) 178.95.65.1 24 RT None 2021-07-16 00:00:00 2021-10-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6HR Failed Logons (IP=165,UA) 1781444966.scootmobiel-cursus.nl --- TLM None 2021-06-15 00:00:00 2021-09-13 00:00:00 2023-01-19 22:57:28 HIVE Case #5605 TO-S-2021-1338 179.0.193.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,AR) 179.1.65.134 32 wmp None 2021-03-04 00:00:00 2021-06-04 00:00:00 None FirePower Suspicious Scan Activity (IP=134,CO) 179.108.176.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 179.108.80.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malware Activity 179.109.200.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,BR) 179.110.180.228 24 RR None 2021-06-19 00:00:00 2021-09-17 00:00:00 None SQL HTTP URI blind injection attempt - SourceFire (IP=228,BR) 179.111.141.207 24 CR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=207,BR) 179.124.31.240 24 SW None 2021-05-26 00:00:00 2021-08-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell 179.127.128.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity 179.127.240.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity 179.127.93.52 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=52,BR) 
179.129.193.156 32 wmp None 2021-04-27 00:00:00 2021-07-27 00:00:00 None Palo Alto Suspicious Scan Activity (IP=156,BR) 179.162.119.99 24 BMP None 2020-10-28 00:00:00 2021-01-26 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - 6hr Web Attacks (IP=99,BR) 179.176.226.176 32 wmp None 2021-01-25 00:00:00 2021-04-25 00:00:00 None Suspicious Scan Activity (IP=176,BR) 179.189.192.0 20 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None BR TO-S-2020-0315 Malicious Web Application Activity 179.191.48.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity 179.227.120.78 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None Generic URI Injection wget Attempt - Sourcefire (IP=78,BR) 179.241.199.4 24 KH None 2021-07-16 00:00:00 2021-10-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=4,BR) 179.241.199.4 24 RT None 2021-07-16 00:00:00 2021-10-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6HR Failed Logons (IP=4,BR) 179.252.18.51 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 179.254.235.172 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 179.42.105.0 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=0,BR) 179.43.160.237 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00652 (IP=237,UY) 179.43.160.238 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00649 (IP=238,UY) 179.43.167.228 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00574 (IP=228,PA) 179.43.175.37 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan 
Activity (IP=37,CH) 179.43.175.9 24 WR None 2021-06-17 00:00:00 2021-09-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=9,CH) 179.43.176.6 24 BMP None 2021-04-11 00:00:00 2021-07-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=6,CH) 179.48.249.132 24 KH None 2021-07-19 00:00:00 2021-10-17 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=132,CR) 179.49.125.227 24 UA None 2021-07-11 00:00:00 2021-10-09 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (1:19559:13)(IP=443,AR) 179.5.118.12 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None SV TO-S-2021-0876 Hive Case 4166 Malware Activity 179.51.136.18 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=18,EC) 179.56.112.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,CL) 179.56.177.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 179.60.208.230 24 RB None 2021-01-18 00:00:00 2021-04-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=230,AR) | updated by RW Block expiration extended with reason Hello Peppa Scan - Fireeye IPS (IP=230,AR) 179.61.12.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,CL) 179.70.65.31 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None BR TO-S-2021-1007 Malware Activity 179.95.224.115 24 KD None 2021-09-23 00:00:00 2021-12-22 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=115,BR) 179.97.192.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 179.97.244.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity 179.97.72.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 
00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 179.98.121.141 24 RR None 2021-08-30 00:00:00 2021-11-28 00:00:00 None SQL injection - Web Attacks (IP=141,BR) 18.118.200.101 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SQL injection - 6hr Web Attacks (IP=101,US) 18.119.132.169 32 AR None 2021-09-28 00:00:00 2021-12-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6Hr Web Attacks (IP=169,US) 18.130.170.214 24 KH None 2021-09-11 00:00:00 2021-12-10 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=214,GB) 18.130.245.145 24 SW None 2021-10-01 00:00:00 2021-12-30 00:00:00 None Masscan TCP Port Scanner - IPS Events (IP=145,GB) 18.130.7.54 24 KH None 2021-09-23 00:00:00 2021-12-22 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=54,GB) 18.132.196.189 24 KH None 2021-09-12 00:00:00 2021-12-11 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=189,GB) 18.132.36.147 24 KH None 2021-09-04 00:00:00 2021-12-03 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=147,GB) 18.132.38.56 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=56,GB) 18.134.135.154 24 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=154,GB) 18.134.244.44 24 KH None 2021-09-11 00:00:00 2021-12-10 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=44,GB) 18.135.128.145 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=145,GB) 18.136.209.80 24 RR None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=80,SG) 18.136.72.135 32 wmp None 2021-06-14 00:00:00 2021-09-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=135,SG) 18.138.170.112 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code 
Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=112,SG) 18.139.108.203 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=203,SG) 18.139.223.58 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=58,SG) 18.139.32.215 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=215,SG) 18.140.25.202 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=202,SG) 18.144.34.201 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=201,US) 18.159.215.246 32 SW None 2021-07-24 00:00:00 2021-10-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - WebAttacks (IP=246, US) 18.162.146.54 24 BMP None 2021-04-29 00:00:00 2021-07-28 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire (IP=54,HK) 18.163.102.200 24 DT None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- 6hr Web Attacks (IP=200,HK) 18.169.244.156 24 DT None 2021-07-26 00:00:00 2021-10-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=156,GB) 18.170.218.49 24 KH None 2021-10-01 00:00:00 2021-12-30 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=49,GB) 18.170.222.20 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None Masscan TCP Port Scanner - Sourcefire (IP=20,GB) 18.170.225.206 24 KH None 2021-09-11 00:00:00 2021-12-10 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=206,GB) 18.170.226.166 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None Masscan TCP Port Scanner - Sourcefire (IP=166,GB) 18.170.228.133 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None Masscan TCP Port Scanner - Sourcefire 
(IP=133,GB) 18.170.230.150 24 SW None 2021-09-07 00:00:00 2021-12-06 00:00:00 None Masscan TCP Port Scanner - IPS Events (IP=150, GB) 18.170.29.89 24 KH None 2021-09-12 00:00:00 2021-12-11 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=89,GB) 18.170.36.76 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None Masscan TCP Port Scanner - Sourcefire (IP=76,GB) 18.177.119.208 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=208,JP) 18.178.224.62 24 ZH None 2021-06-26 00:00:00 2021-09-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=62,JP) 18.181.128.25 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=25,JP) 18.181.231.106 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=106,JP) 18.182.11.17 24 BMP None 2020-12-24 00:00:00 2021-03-24 00:00:00 None APT Webshell SUPERNOVA - FireEye CMS (IP=17,JP) 18.183.222.181 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=181,JP) 18.184.21.57 24 GM None 2021-01-26 00:00:00 2021-04-26 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Web Attacks (IP=57,DE) 18.185.83.64 24 EE None 2021-03-12 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=64,DE) 18.188.153.150 32 BB None 2021-09-27 00:00:00 2021-12-26 00:00:00 None PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01975 (IP=150,US) 18.188.206.19 32 RW None 2021-09-01 00:00:00 2021-11-30 00:00:00 None Self-Report / ColdFusion errors - TT# 21C01715 (IP=19,US) 18.189.192.244 32 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=244,US) 18.189.8.102 32 CR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None 
Hosting sites associated with WebNav Broswer (IP=102,US) 18.191.0.13 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=13,US) 18.191.134.191 32 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=191,US) 18.191.203.9 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=9,US) 18.191.232.90 32 BMP None 2021-03-07 00:00:00 2021-06-07 00:00:00 None SQL use of concat function with select - likely SQL injection (1:24172:2) - SourceFire (IP=90,US) 18.191.74.130 32 RT None 2021-08-11 00:00:00 2021-11-09 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6HR Web Attack (IP=130,US) 18.192.63.46 24 GM None 2020-12-03 00:00:00 2021-03-03 00:00:00 None Artica Web Proxy SQL Injection Vulnerability - Web Attacks (IP=46,DE) 18.193.230.121 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=121,DE) 18.193.233.9 32 RB None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Self Report / ColdFusion Error - TT# 21C01179 (IP=9,US) 18.193.51.117 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=117,DE) 18.193.76.239 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=239,DE) 18.193.86.200 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=200,DE) 18.194.159.131 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=131,DE) 18.203.190.4 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=4,IE) 18.204.208.107 32 GM None 2021-01-29 00:00:00 2021-04-29 00:00:00 None FTP Login Failed - Failed 
Logons (IP=107,US) 18.204.210.41 32 RT None 2021-09-14 00:00:00 2021-12-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report (IP=41,US) 18.204.211.207 32 GM None 2021-02-15 00:00:00 2021-05-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=207,US) 18.205.149.104 32 BMP None 2021-04-29 00:00:00 2021-07-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=104,US) 18.205.155.45 32 RT None 2021-08-05 00:00:00 2021-11-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report (IP=45,US) 18.205.156.74 32 BMP None 2021-09-03 00:00:00 2021-12-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=74,US) 18.205.19.80 32 RT None 2021-05-20 00:00:00 2021-08-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=80,US) 18.206.115.120 32 DT None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=120,US) 18.206.127.239 32 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=239,US) 18.206.137.98 32 KH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=98,US) 18.206.196.45 32 ZH None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=45,US) 18.206.215.40 32 RT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None SERVER-OTHER 
limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SOURCEFIRE REPORT (IP=40,US) 18.206.250.32 32 RW None 2021-06-25 00:00:00 2021-09-23 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=32,US) 18.206.253.182 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=182,US) 18.206.253.39 32 RT None 2021-08-18 00:00:00 2021-11-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report( IP=39,US) 18.206.61.183 32 SW None 2021-07-31 00:00:00 2021-10-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=183, US) 18.206.96.211 32 AR None 2021-07-11 00:00:00 2021-10-09 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=211,US) 18.206.97.25 32 SW None 2021-08-01 00:00:00 2021-10-30 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=25, US) 18.206.99.142 32 RT None 2021-06-04 00:00:00 2021-09-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=142,US) 18.207.159.60 32 RW None 2021-01-16 00:00:00 2021-04-16 00:00:00 None Nuclei Vulnerability Scanner - Fireeye IPS (IP=60,US) 18.207.166.238 32 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=238,US) 18.207.191.21 32 ZH None 2021-08-19 00:00:00 2021-11-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=21,US) 18.208.107.145 32 ZH None 2021-08-22 00:00:00 
None HIVE Case #Firepower Firepower (IP=101,CN) 182.121.130.110 32 srm None 2021-04-28 00:00:00 2021-07-27 00:00:00 None Firepower Suspicious Scan Activity (IP=110,CN) 182.121.246.130 24 GM None 2020-11-22 00:00:00 2021-02-22 00:00:00 None Generic URI Injection wget Attempt - FireEye (IP=130,CN) 182.121.252.151 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=151,CN) 182.121.68.86 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=86,CN) 182.122.251.141 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=141,CN) 182.123.210.33 32 wmp None 2021-04-29 00:00:00 2021-07-29 00:00:00 None Palo Alto Suspicious Scan Activity (IP=33,CN) 182.123.212.56 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=56,CN) 182.124.203.85 24 WR None 2021-05-27 00:00:00 2021-08-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - SourceFire (IP=85,CN) 182.124.218.81 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt 182.124.80.30 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=30,CN) 182.126.112.162 24 GM None 2020-10-31 00:00:00 2021-01-31 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=162,CN) 182.126.196.17 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=17,CN) 182.127.138.155 32 srm None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Firepower Suspicious Scan Activity (IP=155,CN) 182.127.155.157 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=157,CN) 182.127.155.189 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=189,CN) 182.127.74.122 24 RR None 2021-01-07 
00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=122,CN) 182.131.85.194 24 GM None 2020-10-14 00:00:00 2021-01-14 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=194,CN) 182.134.251.37 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=37,CN) 182.140.244.185 32 KH None 2021-09-20 00:00:00 2021-12-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01903 (IP=185,CN) 182.140.244.185 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=185,NL) 182.151.43.36 32 AR None 2021-07-04 00:00:00 2021-10-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 Hr Web Attack (IP=36,US) 182.152.71.202 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=202,HK) 182.155.144.134 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 182.155.145.2 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 182.155.216.15 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=15,TW) 182.155.222.161 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None TW TO-S-2020-0535 Malicious Email Activity 182.16.166.42 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 182.16.242.3 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr failed logons (IP=3,ID) 182.160.111.33 24 RR None 2021-02-24 00:00:00 2021-06-24 00:00:00 None Infection Match (CitrixNetScalerGateway) - Case 4973 (IP=33,BD) 182.161.38.75 24 RT None 2021-08-05 00:00:00 2021-11-03 00:00:00 None POLICY-OTHER PHP uri tag injection attempt - Sourcefire Report (IP=75,HK) 
182.161.66.103 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 182.161.8.41 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 182.162.136.235 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None KR TO-S-2020-0601 Malicious Web Application Activity 182.162.170.147 24 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=147,KR) 182.163.104.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BG TO-S-2020-0298 Malicious Email Activity 182.163.227.54 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 182.18.208.118 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=118,PH) 182.180.127.136 24 BMP None 2021-01-04 00:00:00 2021-04-04 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=136,PK) 182.180.67.230 24 RB None 2020-11-30 00:00:00 2021-03-02 00:00:00 None FTP Login Failed - 6hr failed login (IP=230,PK) 182.184.121.120 24 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=120 PK) 182.185.34.239 24 BMP None 2021-04-11 00:00:00 2021-07-10 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=239,PK) 182.186.28.101 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=101,PK) 182.191.119.119 24 RW None 2021-08-11 00:00:00 2021-11-09 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed logons (IP=119,PK) 182.191.28.77 24 RR None 2020-10-20 00:00:00 2021-01-18 00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - SourceFire (IP=77,PK) 182.208.124.155 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 
(IP=155,KR) 182.222.199.174 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=174,KR) 182.23.29.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malware Activity 182.237.20.0 22 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 182.253.123.86 24 GM None 2021-04-14 00:00:00 2021-07-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=86,ID) 182.253.123.86 24 RR None 2021-04-15 00:00:00 2021-07-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=86,ID) 182.253.222.66 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=66,ID) 182.253.62.172 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=172,ID) 182.253.62.187 24 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=187,ID) 182.253.90.122 24 BMP None 2021-09-03 00:00:00 2021-12-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=122,ID) 182.253.90.201 24 EE None 2021-02-13 00:00:00 2021-05-13 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 HR Failed Logon (IP=201,ID) 182.254.146.173 24 DT None 2021-01-05 00:00:00 2021-04-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=173,CN) 182.254.209.28 24 DT None 2021-01-24 00:00:00 2021-04-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=28,CN) 182.254.218.111 24 RB None 2021-04-01 00:00:00 2021-11-06 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=111,CN) | updated by BMP Block was inactive. 
Reactivated on 20210808 with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=111,CN) 182.254.223.95 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=95,CN) 182.254.231.89 24 BMP None 2021-05-11 00:00:00 2021-08-11 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=89,CN) 182.30.119.179 24 RR None 2020-10-27 00:00:00 2021-01-25 00:00:00 None INDICATOR-COMPROMISE php web shell upload attempt (1:49657:1) - SourceFire (IP=179,ID) 182.42.105.87 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=87,CN) 182.47.91.185 24 GM None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=185,CN) 182.48.81.46 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BG TO-S-2020-0298 Malicious Email Activity 182.50.130.67 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None SG TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 182.50.130.70 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=70,SG) 182.50.132.1 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 182.50.132.25 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 182.50.132.48 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 182.50.132.57 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 182.50.132.59 32 KD None 2021-07-20 00:00:00 2021-10-18 00:00:00 None INDICATOR-OBFUSCATION Base64 encoded String.fromCharCode (1:42111:2) - Source Fire (IP=59,US) 182.50.132.59 24 RR None 2021-07-20 00:00:00 2021-10-18 00:00:00 None INDICATOR-OBFUSCATION Base64 encoded String.fromCharCode - SourceFire (IP=59,SG) 182.50.132.86 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG 
TO-S-2020-0459 Malware Activity 182.50.135.108 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None SG TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 182.50.135.120 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 182.50.135.51 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 182.50.135.51 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 182.50.135.59 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 182.50.135.89 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=89,SG) 182.52.30.0 24 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None TH TO-S-2021-0941 Hive Case 4361 Malware Activity 182.53.13.20 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=20,TH) 182.53.137.83 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity 182.53.164.186 24 RB None 2021-02-24 00:00:00 2021-05-25 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr failed logons (IP=186,TH) 182.53.64.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,TH) 182.56.121.115 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=115,IN) 182.58.161.114 24 CR None 2021-04-16 00:00:00 2021-07-15 00:00:00 None Hive Case 5265_Exploit.IoT.Mozi (IP=114,IN) 182.58.227.46 24 GM None 2020-11-01 00:00:00 2021-02-01 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=46,IN) 182.59.99.84 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None IN TO-S-2021-0949 Hive Case 4363 Malware Activity 182.61.2.150 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=150,CN) 182.61.30.218 32 BMP None 2020-12-12 
00:00:00 2021-03-12 00:00:00 None External Scanning - FireEye CMS (IP=218,US) 182.61.30.218 24 RR None 2020-12-12 00:00:00 2021-03-12 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Web Attacks (IP=218,CN) 182.68.219.207 24 FT None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Apache Struts ConversionErrorInterceptor OGNL Script - TT# 21C00447 (IP=207,IN) 182.68.232.148 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt -SourceFire (IP=148,IN) 182.68.64.185 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SQL injection - Web Attacks (IP=185,IN) 182.70.120.6 24 BMP None 2021-06-02 00:00:00 2021-08-31 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=6,IN) 182.74.38.150 24 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=150,IN) 182.75.105.186 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=186,IN) 182.75.35.100 24 EE None 2021-01-26 00:00:00 2021-04-26 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6 HR Web Attacks (IP=100,IN) 182.91.12.214 24 GM None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=214,CN) 182.93.54.42 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=42,MO) 182.93.71.233 24 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None HTTP SQL Injection Attempt - Web Attack (IP=233,NP) 182.99.206.126 24 BB None 2021-08-06 00:00:00 2021-11-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - (IP=126,CN) 183.100.92.83 24 UA None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SERVER-WEBAPP MVPower - Exploit - Web Attacks (IP=83,KR) 183.103.66.105 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KR TO-S-2020-0298 Malicious Email Activity 183.109.80.156 24 
GM None 2020-11-05 00:00:00 2021-02-05 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=156,KR) 183.111.197.223 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=223,KR) 183.128.115.93 24 EE None 2021-01-13 00:00:00 2021-04-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 HR WEB ATTACK (IP=93,CN) 183.135.102.4 24 GM None 2021-01-30 00:00:00 2021-04-30 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=4,CN) 183.136.225.14 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=14,CN) 183.136.225.52 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=52,CN) 183.136.225.8 24 RT None 2021-07-10 00:00:00 2021-10-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=87,CN) 183.136.225.8 24 DT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=8,CN) 183.136.226.3 24 BMP None 2021-08-05 00:00:00 2021-11-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=3,CN) 183.14.88.22 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=22,CN) 183.141.124.225 24 RW None 2021-03-08 00:00:00 2021-06-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=225,CN) 183.141.125.156 24 GLM None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=156,CN) 183.141.127.76 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=76,CN) 183.166.238.195 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=195,CN) 183.166.239.0 24 RB None 2021-05-09 00:00:00 
2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=0,CN) 183.167.64.174 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=174,CN) 183.167.65.115 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=115,CN) 183.167.66.89 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=89,CN) 183.167.67.105 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=105,CN) 183.167.76.0 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=0,CN) 183.167.77.102 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=102,CN) 183.167.78.57 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=57,CN) 183.17.228.150 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=150,CN) 183.17.231.9 24 FT None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=9,CN) 183.181.88.113 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None JP TO-S-2020-0805 Malicious Email Activity 183.182.115.15 24 KD None 2021-09-05 00:00:00 2021-12-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=15,LA) 183.188.194.224 24 DT None 2021-06-21 00:00:00 2021-09-19 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=224,CN) 183.194.64.166 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=166,CN) 183.196.226.241 24 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None SSH2 Failed Login Attempt - Failed Logons (IP=241,CN) 183.215.90.34 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=34,CN) 
183.220.226.109 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=109,CN) 183.230.33.16 24 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=16,CN) 183.230.61.24 24 GM None 2020-11-01 00:00:00 2021-02-01 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=24,CN) 183.232.48.168 32 srm None 2021-02-05 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=168,CN) | updated by srm Block expiration extended with reason Firepower Suspicious Scan Activity (IP=168,CN) 183.237.190.19 24 CR None 2020-11-17 00:00:00 2021-02-17 00:00:00 None Hello Peppa Scan - IPS Event (IP=19,CN) 183.245.123.100 24 FT None 2021-03-03 00:00:00 2021-06-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=100,CN) 183.246.176.179 24 RB None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=179,CN) 183.249.115.151 32 RR None 2020-10-19 00:00:00 2021-01-17 00:00:00 None vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00159 (IP=151,CN) 183.3.221.241 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None Firepower Suspicious Scan Activity (IP=241,CN) 183.56.165.166 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=166,CN) 183.56.212.208 24 BMP None 2020-05-16 00:00:00 2021-08-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr Web Attacks (IP=208,CN) | updated by RB Block was inactive. 
Reactivated on 20210516 with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=208,CN) 183.60.108.82 24 EE None 2020-12-09 00:00:00 2021-03-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=82,CN) 183.61.164.182 24 BMP None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=182,CN) 183.61.9.57 24 RB None 2020-11-11 00:00:00 2021-02-09 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=57,CN) 183.80.208.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 183.80.21.57 24 BB None 2021-07-24 00:00:00 2021-10-22 00:00:00 None SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt - Web Attacks (IP=57,VN) 183.80.224.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 183.81.155.0 24 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,ID) 183.81.184.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 183.81.80.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malware Activity 183.81.98.28 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 183.81.98.88 24 BMP None 2021-06-15 00:00:00 2021-09-13 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=88,VN) 183.82.5.187 24 JKC None 2020-04-13 00:00:00 2021-04-13 00:00:00 None CTR-20-0629 MALWARE CAMPAIGN HIVE CASE #2512 (IP=187, IN) 183.83.109.216 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=216,IN) 183.83.13.172 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None Palo Alto Suspicious Scan Activity (IP=172,IN) 183.83.19.109 32 wmp 
None 2021-04-27 00:00:00 2021-07-27 00:00:00 None Palo Alto Suspicious Scan Activity (IP=109,IN) 183.83.217.3 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=3,IN) 183.83.26.50 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=50,IN) 183.83.46.52 24 UA None 2021-08-16 00:00:00 2021-11-14 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - Sourcefire (IP=52,IN) 183.87.107.187 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=187,In) 183.87.107.187 24 RB None 2021-06-06 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=187,IN) 183.87.134.134 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 183.88.0.158 24 RR None 2021-03-02 00:00:00 2021-05-31 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=158,TH) 183.88.145.33 24 EE None 2021-03-12 00:00:00 2021-06-10 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=33,TH) 183.88.243.192 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None TH TO-S-2020-0315 Malicious Web Application Activity 183.88.243.223 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=223,TH) 183.88.3.157 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 183.88.32.215 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TH TO-S-2020-0303 Malicious Email Activity 183.88.62.108 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TH TO-S-2020-0303 Malicious Email Activity 183.89.160.213 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TH TO-S-2020-0298 Malicious Email Activity 183.89.182.21 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 
TO-S-2021-0898 Malicious Reconnaissance Activity 183.89.212.159 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=159,TH) 183.89.214.184 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=184,TH) 183.89.237.71 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=71,TH) 183.89.237.96 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=96,TH) 183.89.249.158 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None TH TO-S-2021-0876 Hive Case 4166 Malware Activity 183.89.40.90 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity 183.89.6.1 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 183.89.83.198 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=198,TH) 183.90.169.5 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 183.90.232.43 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None JP TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 183.90.242.52 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None JP TO-S-2020-0493 Malware Activity 183.90.250.25 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=25,JP) 183.90.37.224 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None SG TO-S-2020-0535 Malware Activity 183.93.203.244 24 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - Sourcefire (IP=244,CN) 183.98.48.36 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KR TO-S-2020-0298 Malicious Email Activity 184.102.76.4 32 BMP None 2021-01-13 00:00:00 2021-04-13 00:00:00 None SSH2 Failed Login Attempt - 6hr Failed Logons (IP=4,US) 184.105.253.154 
32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=154,US) 184.105.50.214 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Unknown Malicious Activity 184.105.69.21 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 184.106.10.72 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity 184.106.12.158 32 TLM None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=158,US) 184.106.243.118 32 dbc None 2020-05-14 00:00:00 2021-05-14 00:00:00 None US TO-S-2020-0514 Malware Activity 184.107.253.10 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None CA TO-S-2020-0369 Malicious Email Activity 184.107.35.137 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 184.107.41.75 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 184.107.72.134 32 wmp None 2020-06-19 00:00:00 2021-08-24 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=134,CA) | updated by dbc Block expiration extended with reason CA TO-S-2020-0750 Malicious Email Activity 184.154.119.130 32 NAB None 2021-01-11 00:00:00 2021-04-11 00:00:00 None HIVE Case #NA FP Security (IP=130,US) 184.154.13.122 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 184.154.15.188 32 wmp None 2020-08-31 00:00:00 2021-10-08 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=188,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=188,US) 184.154.156.131 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 184.154.163.146 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 184.154.233.83 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 
None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity 185.17.42.51 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None PL TO-S-2021-1007 Malicious Email Activity 185.171.121.178 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=178,US) 185.171.63.148 24 KD None 2021-06-25 00:00:00 2021-09-24 00:00:00 None Self Report/Account Creation Attempt - TT# 21C01367 (IP=148,AL) 185.171.90.188 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=188,TR) 185.172.0.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None IR TO-S-2020-0315 Malicious Email Activity 185.172.110.174 32 RW None 2021-02-28 00:00:00 2021-05-28 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00537 (IP=174,NL) 185.172.110.199 32 wmp None 2021-06-29 00:00:00 2021-09-29 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=199,AU) 185.172.110.217 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.172.110.240 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malware Activity 185.172.110.249 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 185.172.111.206 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None NL TO-S-2020-0698 unknown activity 185.172.111.225 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None NL TO-S-2020-0805 Malicious Email Activity 185.172.129.221 32 EE None 2021-01-30 00:00:00 2021-04-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=221,US) 185.172.65.41 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity 185.173.35.13 32 dbc None 
2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.173.35.17 24 ZH None 2021-06-01 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=17,AU) 185.173.35.25 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=25,AU) 185.173.35.29 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=29,AU) 185.173.35.33 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Unauthorized Access-Probe - TT# 19C01988 (IP=33,US) | updated by GM with reason Unauthorized Access-Probe - 19C02602 (IP=33,US) | updated by srm Block was inactive. Reactivated on 20210511 with reason Firepower Suspicious Scan Activity (IP=33,AU) Fire 185.173.35.33 32 CR None 2019-04-22 00:00:00 2021-08-09 00:00:00 None Unauthorized Access-Probe - TT# 19C01988 (IP=33,US) | updated by GM with reason Unauthorized Access-Probe - 19C02602 (IP=33,US) | updated by srm Block was inactive. Reactivated on 20210511 with reason Firepower Suspicious Scan Activity (IP=33,AU) Fire 185.173.35.37 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Unauthorized Access-Probe - TT# 19C02017 (IP=37,DE) | updated by srm Block was inactive. Reactivated on 20210511 with reason Firepower Suspicious Scan Activity (IP=37,AU) Firepower Suspicious Scan Activity (IP=37,AU) 185.173.35.37 32 RB None 2019-04-26 00:00:00 2021-08-09 00:00:00 None Unauthorized Access-Probe - TT# 19C02017 (IP=37,DE) | updated by srm Block was inactive. Reactivated on 20210511 with reason Firepower Suspicious Scan Activity (IP=37,AU) Firepower Suspicious Scan Activity (IP=37,AU) 185.173.35.45 32 GM None 2019-04-19 00:00:00 2021-08-09 00:00:00 None Unauthorized Access-Probe 19C01962 (IP=45,US) | updated by srm Block was inactive. 
Reactivated on 20210511 with reason Firepower Suspicious Scan Activity (IP=45,AU) Firepower Suspicious Scan Activity (IP=45,AU) 185.173.35.45 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Unauthorized Access-Probe 19C01962 (IP=45,US) | updated by srm Block was inactive. Reactivated on 20210511 with reason Firepower Suspicious Scan Activity (IP=45,AU) Firepower Suspicious Scan Activity (IP=45,AU) 185.173.35.49 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=49,AU) 185.173.35.5 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=5,AU) 185.173.35.53 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.173.35.61 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Unauthorized Access-Probe - TT# 19C01986 (IP=61,US) | updated by srm Block was inactive. Reactivated on 20210511 with reason Firepower Suspicious Scan Activity (IP=61,AU) Firepower Suspicious Scan Activity (IP=61,AU) 185.173.35.61 32 CR None 2019-04-22 00:00:00 2021-08-09 00:00:00 None Unauthorized Access-Probe - TT# 19C01986 (IP=61,US) | updated by srm Block was inactive. 
Reactivated on 20210511 with reason Firepower Suspicious Scan Activity (IP=61,AU) Firepower Suspicious Scan Activity (IP=61,AU) 185.173.35.9 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=9,AU) 185.174.195.128 24 GM None 2020-11-01 00:00:00 2021-02-01 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=128,RU) 185.175.44.172 24 FT None 2021-04-06 00:00:00 2021-07-05 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=172,RU) 185.175.93.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None RU TO-S-2020-0322 Malware Activity 185.177.153.31 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ES TO-S-2020-0331 Malicious Email Activity 185.177.169.16 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity 185.177.57.54 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None BG TO-S-2021-1007 Malicious Email Activity 185.177.59.164 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None BG TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 185.178.208.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None RU TO-S-2020-0322 Malware Activity 185.179.130.27 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None NO TO-S-2020-0369 Malicious Email Activity 185.18.236.136 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None NL TO-S-2020-0750 Malicious Email Activity 185.180.143.12 24 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None SSLv2 Client Hello Request Detected - IPS Events (IP=12,PT) 185.180.196.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,NL) 185.180.222.154 24 EE None 2021-03-15 00:00:00 2021-06-13 00:00:00 None SQL injection - Web Attack (IP=154,NL) 185.180.229.0 24 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None RU TO-S-2021-0989 Hive Case # 4493 Malicious Web Application Activity 185.180.91.252 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 
None HU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.181.124.16 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=16,GB) 185.181.180.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IR) 185.181.228.0 22 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None MD TO-S-2021-1007 Malicious Email Activity 185.181.228.186 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None MD TO-S-2020-0698 Malicious Email Activity 185.181.43.103 24 RB None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=103,MD) 185.181.52.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IQ TO-S-2020-0331 Malicious Web Application Activity 185.181.61.37 24 BMP None 2021-02-16 00:00:00 2021-05-15 00:00:00 None SERVER-WEBAPP Oracle Glassfish unauthenticated directory traversal attempt - 6hr Web Attacks (IP=37,NO) 185.182.56.104 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 185.182.56.107 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=107,NL) 185.182.56.163 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None NL TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 185.182.56.170 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None NL TO-S-2020-0805 Malicious Email Activity 185.182.56.175 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 185.182.56.177 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 185.182.56.183 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 185.182.56.186 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 185.182.56.190 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 
TO-S-2020-0859 (IP=190,NL) 185.182.56.216 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 185.182.56.217 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 185.182.57.79 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 185.182.58.12 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 185.182.58.19 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 185.182.58.23 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None NL TO-S-2020-0805 Malicious Email Activity 185.183.106.3 24 UA None 2021-07-11 00:00:00 2021-10-09 00:00:00 None SQL injection - Web Attacks (IP=3,ES) 185.183.180.146 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ES TO-S-2020-0331 Malicious Web Application Activity 185.184.221.244 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None UA TO-S-2020-0805 Malicious Email Activity 185.184.25.78 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=78,TR) 185.184.70.54 32 RR None 2020-10-22 00:00:00 2021-01-20 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=54,US) 185.184.79.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None RU TO-S-2020-0322 Malware Activity 185.186.191.122 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ES TO-S-2020-0331 Malicious Web Application Activity 185.186.244.62 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None NL TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 185.186.244.62 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None NL TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 185.186.244.62 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None NL TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 185.186.48.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IR 
TO-S-2020-0298 Malicious Email Activity 185.187.71.22 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malicious Email Activity 185.188.8.203 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ES TO-S-2020-0331 Malicious Web Application Activity 185.189.112.228 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=228,DE) 185.189.115.103 24 EE None 2021-02-15 00:00:00 2021-05-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 HR Web Attacks (IP=103,CZ) 185.189.115.54 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CZ TO-S-2020-0303 Malicious Reconnaissance Activity 185.19.84.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0315 Malicious Web Application Activity 185.190.132.31 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.191.124.143 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00691 (IP=143,HK) 185.191.124.151 24 RB None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - 6hr web attacks (IP=151,SC) 185.191.124.151 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00645 (IP=151,NL) 185.191.124.152 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=152,NL) 185.191.124.153 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=153,SC) 185.191.171.1 24 wmp None 2021-06-09 00:00:00 2021-09-07 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=1,GB) 185.191.171.1 24 wmp None 2021-06-09 00:00:00 2021-09-07 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=1,GB) 
185.191.171.10 24 wmp None 2021-02-12 00:00:00 2021-05-12 00:00:00 None Imperva Suspicious Scan Activity (IP=10,GB) 185.191.171.17 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=17,GB) 185.191.171.21 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=21,GB) 185.191.171.3 32 wmp None 2021-06-02 00:00:00 2021-09-02 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=3,GB) 185.191.171.34 32 wmp None 2021-02-11 00:00:00 2021-05-11 00:00:00 None Imperva Suspicious Scan Activity (IP=34,NL) 185.191.171.44 32 wmp None 2021-06-02 00:00:00 2021-09-02 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=44,GB) 185.191.204.155 24 GM None 2021-02-02 00:00:00 2021-05-02 00:00:00 None SERVER-WEBAPP JBoss admin-console access - Web Attacks (IP=155,IL) 185.191.34.210 32 wmp None 2021-04-15 00:00:00 2021-07-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=210,RU) 185.191.34.210 24 EE None 2021-04-15 00:00:00 2021-07-14 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) Sourcefire (IP=210,RU) 185.193.24.0 22 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None LT TO-S-2020-0750 Malicious Email Activity 185.193.38.135 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None FR TO-S-2020-0698 Malicious Web Application Activity 185.193.38.139 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity 185.193.38.201 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None FR TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 185.193.91.250 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=250,RU) 185.194.237.38 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 185.195.24.0 22 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None RU 
TO-S-2020-0838 Malware Activity 185.195.48.183 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TR TO-S-2020-0298 Malicious Email Activity 185.196.182.109 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AL TO-S-2020-0298 Malicious Email Activity 185.196.182.18 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.196.182.65 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AL TO-S-2020-0298 Malicious Email Activity 185.196.212.0 22 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None UZ TO-S-2020-0459 Malware Activity 185.197.125.2 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 185.197.141.206 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity 185.197.75.239 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malicious Web Application Activity 185.197.75.80 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malicious Email Activity 185.198.10.7 24 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None APP-DETECT Steam game URI handler (1:24397:4) - SourceFire (IP=7,SE) 185.198.124.34 32 wmp None 2021-04-27 00:00:00 2021-07-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=34,TR) 185.198.126.10 32 wmp None 2021-06-22 00:00:00 2021-09-22 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=10,TR) 185.198.57.174 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None NL TO-S-2020-0315 Malware Activity 185.198.58.45 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=45,RO) 185.199.110.153 32 srm None 2020-12-04 00:00:00 2021-03-04 00:00:00 None HIVE Case #4467 COLS-NA-TIP-20-0390 
(IP=153,US) 185.199.111.153 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=153,US) 185.199.220.102 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None GB TO-S-2021-1007 Malicious Email Activity 185.199.26.162 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity 185.2.5.33 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 185.2.5.77 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None IT TO-S-2020-0750 Malicious Email Activity 185.2.6.5 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 185.20.132.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 185.20.209.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity 185.200.117.142 24 EE None 2021-02-15 00:00:00 2021-05-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 HR Web Attacks (IP=142,SG) 185.200.118.35 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 185.200.118.37 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 185.200.118.39 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.200.118.41 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 185.200.118.43 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.200.118.44 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.200.118.48 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 185.200.118.49 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 
None US TO-S-2020-0601 Malicious Email Activity 185.200.118.50 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.200.118.51 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.200.118.58 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 185.200.118.66 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.200.118.67 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.200.118.70 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.200.118.72 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.200.118.74 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 185.200.118.76 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.200.118.77 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.200.118.80 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.200.118.82 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 185.200.118.84 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.200.118.86 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.200.118.88 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 185.200.118.89 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 185.200.45.121 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 185.201.10.1 32 dbc None 2020-04-23 00:00:00 
2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 185.201.10.74 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 185.201.10.89 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 185.201.11.139 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 185.201.11.91 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 185.201.11.97 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 185.202.1.169 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None FR TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 185.202.1.196 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.202.1.20 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 185.202.1.204 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.202.1.85 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.202.130.10 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity 185.202.130.4 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity 185.202.130.8 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.202.2.147 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.202.245.22 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity 185.203.116.28 32 NAB None 2021-05-11 00:00:00 2021-11-11 00:00:00 None HIVE Case 
#5422 DARKSIDE Ransomware (IP=28,BG) 185.203.116.7 32 NAB None 2021-05-11 00:00:00 2021-11-11 00:00:00 None HIVE Case #5422 DARKSIDE Ransomware (IP=7,BG) 185.203.117.159 32 NAB None 2021-05-11 00:00:00 2021-11-11 00:00:00 None HIVE Case #5422 DARKSIDE Ransomware (IP=159,BG) 185.203.117.18 24 KD None 2021-06-10 00:00:00 2021-09-09 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt- Web Attacks (IP=18,CY) 185.203.236.0 22 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None RU TO-S-2020-0698 Malicious Email Activity 185.203.240.129 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malware Activity 185.204.156.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 185.205.12.216 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 185.205.204.128 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.205.236.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None UA TO-S-2020-0331 Malicious Web Application Activity 185.206.200.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None LB TO-S-2020-0303 Malicious Email Activity 185.206.214.72 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=72,NL) 185.206.225.154 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None NO TO-S-2020-0592 Malware Activity 185.206.225.173 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None NO TO-S-2020-0592 Malware Activity 185.206.236.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IR TO-S-2020-0298 Malicious Email Activity 185.207.205.57 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None NL TO-S-2020-0303 Malicious Reconnaissance Activity 185.207.37.116 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None TR TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 185.207.38.108 32 dbc None 
2020-09-29 00:00:00 2021-09-29 00:00:00 None TR TO-S-2020-0838 Malicious Email Activity 185.208.226.142 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None HU TO-S-2021-0876 Hive Case 4166 Malware Activity 185.21.102.54 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 185.210.39.125 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.210.93.19 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None TR TO-S-2020-0535 Malware Activity 185.211.58.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IR Hive Case 4237 TO-S-2021-0910 Malicious Web Application Activity 185.211.69.170 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ES TO-S-2020-0303 Malicious Email Activity 185.211.70.70 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ES TO-S-2020-0303 Malicious Email Activity 185.212.128.203 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None NL TO-S-2021-1007 Malicious Email Activity 185.212.130.27 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 185.212.131.16 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None NL TO-S-2020-0369 Malicious Email Activity 185.213.51.167 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ES TO-S-2020-0331 Malicious Web Application Activity 185.214.10.114 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 185.214.10.25 24 RR None 2021-06-13 00:00:00 2021-09-11 00:00:00 None SERVER-OTHER Cisco IOS truncated NTP packet processing denial of service attempt - Web Attacks (IP=25,NL) 185.214.165.113 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=113,DK) 185.214.165.43 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None DK TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 185.215.113.47 24 RR None 
ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=135,RU) HTTP: ThinkPHP CMS Getshell Vulnerabili 185.60.134.135 24 RR None 2021-05-28 00:00:00 2021-08-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=135,RU) | updated by RR Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=135,RU) HTTP: ThinkPHP CMS Getshell Vulnerabili 185.60.217.28 32 NAB None 2021-01-15 00:00:00 2021-04-15 00:00:00 None HIVE Case #NA FP Security (IP=28,IE) 185.61.148.0 22 dbc None 2019-12-17 00:00:00 2021-01-02 00:00:00 None LV TO-S-2020-0187 Malicious Email Activity | updated by kmw Block expiration extended with reason LV TO-S-2020-0228 Malicious Web Application Activity 185.61.152.25 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 185.61.152.64 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=64,GB) 185.61.154.32 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None GB TO-S-2021-0949 Hive Case 4363 Malicious Email Activity 185.62.188.204 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None NL TO-S-2020-0535 Malware Activity 185.62.23.7 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ES TO-S-2020-0303 Malicious Email Activity 185.62.75.108 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None HR TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 185.64.247.4 24 EE None 2021-02-06 00:00:00 2021-05-06 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 HR Web Attacks (IP=4,GB) 185.64.48.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AU TO-S-2020-0298 Malicious Email Activity 185.64.68.182 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Webshell.Binary.php.FEC2 - Hive Case 5188 (IP=182,IT) 185.64.88.190 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 
185.65.132.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malicious Email Activity 185.65.134.179 24 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=179,NL) 185.65.134.179 24 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) - Sourcefire (IP=179,NL) 185.65.244.178 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=178,UA) 185.66.24.72 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity 185.66.250.77 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None NL TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 185.66.40.35 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None ES TO-S-2020-0228 Malicious Email Activity 185.67.188.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CZ Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.67.236.106 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.68.109.166 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None ES TO-S-2020-0805 Malicious Email Activity 185.69.144.56 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.69.153.208 24 DT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=208,UA) 185.70.187.184 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None NL TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 185.70.41.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity 185.71.216.45 24 RR None 2020-10-09 00:00:00 2021-01-07 
00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=45,CY) 185.71.67.25 32 NAB None 2021-03-12 00:00:00 2021-10-11 00:00:00 None HIVE Case #NA FP Security (IP=25,RU) | updated by srm Block was inactive. Reactivated on 20210713 with reason HIVE Case #NA FP Security (IP=25,RU) 185.73.113.98 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=98,US) 185.74.38.147 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity 185.74.39.136 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.74.68.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity 185.75.163.49 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.76.201.119 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None TR TO-S-2020-0826 Hive Case 3950 Malicious Service Distruption Activity 185.76.203.119 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None TR TO-S-2020-0826 Hive Case 3950 Malicious Service Distruption Activity 185.77.2.106 24 DT None 2021-07-26 00:00:00 2021-10-24 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - SourceFire (IP=106,TR) 185.77.50.173 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity 185.78.136.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None UZ TO-S-2020-0298 Malicious Email Activity 185.78.36.0 22 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None BG TO-S-2020-0535 Malware Activity 185.79.236.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None RU TO-S-2020-0322 Malware Activity 185.8.232.145 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=145,KZ) 185.81.157.123 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 
Malware Activity 185.81.157.15 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None FR TO-S-2021-1007 Malware Activity 185.81.157.17 24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=17,FR) | updated by EE Block expiration extended with reason Unauthorized Access-Probe - TT: 21C00474 (IP=17,FR) Unauthorized Access-Probe - TT: 21C00474 (IP=17,FR) | updated b 185.81.157.17 24 EE None 2021-02-07 00:00:00 2021-08-02 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=17,FR) | updated by EE Block expiration extended with reason Unauthorized Access-Probe - TT: 21C00474 (IP=17,FR) Unauthorized Access-Probe - TT: 21C00474 (IP=17,FR) | updated b 185.81.157.17 24 EE None 2021-01-10 00:00:00 2021-08-02 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=17,FR) | updated by EE Block expiration extended with reason Unauthorized Access-Probe - TT: 21C00474 (IP=17,FR) Unauthorized Access-Probe - TT: 21C00474 (IP=17,FR) | updated b 185.81.157.240 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None FR TO-S-2021-1007 Malware Activity 185.81.157.31 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 185.81.157.35 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 185.81.158.149 24 EE None 2021-01-09 00:00:00 2021-04-09 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=149,FR) 185.82.124.0 22 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None LV TO-S-2020-0698 Malicious Email Activity 185.82.32.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None LB TO-S-2020-0331 Malicious Web Application Activity 185.82.66.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.82.78.122 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None 
HIVE Case #5644 TO-S-2021-1352 (IP=122,GB) 185.83.196.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IR TO-S-2020-0331 Malicious Web Application Activity 185.85.190.88 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None TR TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 185.86.165.178 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=178,TR) | updated by wmp Block expiration extended with reason HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=178,TR) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=178,TR) 185.86.166.195 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 185.87.187.128 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 185.87.187.148 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None NL TO-S-2020-0805 Malicious Email Activity 185.88.181.0 24 GED None 2020-12-04 00:00:00 2021-03-04 00:00:00 None HIVE Case #NA FP CIO Policy (IP=11,NL) 185.89.100.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None UA Hive Case 4237 TO-S-2021-0910 Malware Activity 185.89.102.155 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None NL TO-S-2020-0315 Malicious Web Application Activity 185.89.102.58 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity 185.89.144.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity 185.89.4.81 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None NL TO-S-2020-0698 Malware Activity 185.9.156.86 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None TR TO-S-2020-0228 Malicious Email Activity 185.90.131.82 24 KD None 2021-08-03 00:00:00 2021-11-01 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=82,DE) 185.90.210.162 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malicious Email 
Activity 185.90.57.197 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PT TO-S-2020-0331 Malicious Email Activity 185.91.165.237 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CZ Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.92.184.0 22 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 185.92.244.83 24 RT None 2021-06-08 00:00:00 2021-09-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6HR web attacks (IP=83,ES) 185.93.1.0 24 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=0,US) 185.93.182.171 24 UA None 2021-07-11 00:00:00 2021-10-09 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (1:13990:26) - Sourcefire (IP=171,ES) 185.93.2.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,FR) 185.93.2.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,FR) 185.93.2.76 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity 185.93.53.42 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 185.94.172.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.94.189.182 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.94.212.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None RU TO-S-2020-0322 Malware Activity 185.94.230.127 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 185.94.230.83 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 185.94.252.104 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malware Activity 
185.94.252.12 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malware Activity 185.96.204.96 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity 185.96.6.106 32 wmp None 2020-09-10 00:00:00 2021-10-21 00:00:00 None HIVE Case #3826 COLS-NA-TIP-20-0285 (IP=106,NL) | updated by dbc Block expiration extended with reason NL TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 185.96.93.157 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 185.97.120.236 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity 185.97.123.12 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity 185.97.156.72 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=72,IT) 185.98.128.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Email Activity 185.98.139.220 24 RR None 2021-05-28 00:00:00 2021-08-26 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=220,FR) 185.99.133.249 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NZ TO-S-2020-0331 Malware Activity 185.99.136.130 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 185.99.187.166 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 185.99.199.243 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=243,TR) 185.99.65.132 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CZ TO-S-2020-0303 Malicious Email Activity 185.99.65.254 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CZ TO-S-2020-0303 Malicious Email Activity 185.99.65.97 32 dbc None 2020-02-20 00:00:00 2021-02-20 
00:00:00 None CZ TO-S-2020-0303 Malicious Email Activity 186.10.22.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,CL) 186.10.34.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.10.84.196 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CL TO-S-2020-0303 Malicious Email Activity 186.10.86.210 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CL TO-S-2020-0303 Malicious Email Activity 186.103.141.250 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CL TO-S-2021-0876 Hive Case 4166 Malware Activity 186.103.162.122 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CL TO-S-2020-0298 Malicious Email Activity 186.103.188.94 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=94,CL) 186.106.102.219 24 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Events (IP=219,UY) 186.106.120.0 24 nab None 2021-01-06 00:00:00 2021-04-06 00:00:00 None HIVE Case #4689 Hack the Army (IP=120,CL) 186.107.196.227 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.109.152.0 21 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AR TO-S-2021-0876 Hive Case 4166 Malware Activity 186.121.206.234 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=234,BO) 186.121.214.194 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=194,BO) 186.122.30.33 24 RR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=108,RU) 186.122.30.33 32 PS None 2021-05-27 00:00:00 2021-08-25 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01227 (IP=33,AR) 186.128.233.163 
24 GM None 2021-04-23 00:00:00 2021-07-23 00:00:00 None SQL injection - Web Attacks (IP=163,AR) 186.13.0.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.13.160.129 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=129,AR) 186.14.94.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.148.186.70 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CO TO-S-2020-0331 Malicious Web Application Activity 186.15.186.194 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CR TO-S-2020-0303 Malicious Email Activity 186.150.202.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DM Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.150.202.228 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DO TO-S-2020-0298 Malicious Email Activity 186.151.144.85 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=85,GT) 186.154.221.154 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt - Web Attacks (IP=154,CO) 186.154.224.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,CO) 186.155.15.190 24 RR None 2021-03-02 00:00:00 2021-05-31 00:00:00 None SQL injection - Web Attacks (IP=190,CO) 186.159.212.0 22 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 186.170.28.0 24 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None CO TO-S-2021-0989 Hive Case # 4493 Unknown Malicious Activity 186.170.28.0 24 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None CO TO-S-2021-0989 Hive Case # 4493 Unknown Malicious Activity 186.170.28.0 24 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None CO TO-S-2021-0989 Hive Case # 4493 Unknown 
Malicious Activity 186.176.155.61 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CR TO-S-2020-0303 Malicious Email Activity 186.179.14.241 24 FT None 2021-03-01 00:00:00 2021-05-30 00:00:00 None SQL injection - 6hr web attacks (IP=241,CL) 186.179.243.77 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=77,SR) 186.179.65.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.18.16.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.182.223.111 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=111,AR) 186.19.128.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.193.96.0 20 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None BR TO-S-2020-0535 Malware Activity 186.195.80.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.202.153.23 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=23,BR) 186.209.0.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.210.67.153 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=153,BR) 186.210.95.191 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=191,BR) 186.219.222.13 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity 186.22.189.212 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None AR TO-S-2020-0236 Malicious Email Activity 186.220.252.150 24 ZH None 2021-08-19 00:00:00 2021-11-17 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - 
Sourcefire Rpt (IP=150,BR) 186.224.160.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None BR TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 186.224.240.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.225.157.79 24 AR None 2021-07-11 00:00:00 2021-10-09 00:00:00 None SQL injection - 6 Hr Web Attack (IP=79,BR) 186.225.48.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malware Activity 186.226.32.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 186.227.148.107 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=107,BR) 186.232.16.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity 186.232.180.0 22 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=0,BR) 186.232.8.0 21 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None BR TO-S-2020-0838 Malware Activity 186.233.160.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity 186.233.176.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity 186.233.187.107 24 BMP None 2021-08-05 00:00:00 2021-11-03 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=107,BR) 186.235.48.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity 186.235.77.154 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 186.236.224.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 186.24.12.0 22 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None VE TO-S-2021-0876 Hive Case 4166 Malware Activity 186.24.217.42 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 
None HIVE Case #4064 TO-S-2020-0859 (IP=42,VE) 186.249.108.172 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 186.249.47.211 24 ZH None 2021-07-03 00:00:00 2021-10-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=211,BR) 186.250.116.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity 186.250.176.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity 186.251.128.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.251.228.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity 186.251.72.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity 186.26.124.154 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=154,CR) 186.29.147.182 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=182,CO) 186.29.69.67 32 AR None 2021-08-30 00:00:00 2021-11-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01669 (IP=67,US) 186.29.69.67 24 RR None 2021-06-20 00:00:00 2021-09-18 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=67,CO) 186.32.16.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.33.104.138 24 EE None 2020-12-07 00:00:00 2021-03-07 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM - SourceFire (IP=138,DR) 186.33.112.127 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=127,DO) 186.33.112.138 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=138,DO) 186.33.112.147 
32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=147,DO) 186.33.112.68 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=68,DO) 186.33.113.137 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=137,DO) 186.33.116.94 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=94,DO) 186.33.122.253 24 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=253,DO) 186.33.123.27 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - Web Attacks (IP=27,DO) 186.33.126.86 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=86,DO) 186.33.216.141 24 RB None 2021-04-12 00:00:00 2021-07-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=141,AR) 186.33.71.57 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None Generic URI Injection wget Attempt - Sourcefire (IP=57,DO) 186.33.77.26 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=26,DO) 186.35.198.21 24 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SQL injection - 6hr web attacks (IP=21,CL) 186.38.35.34 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None AR Hive Case 4237 TO-S-2021-0910 Malicious Reconnaissance Activity 186.4.125.48 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=48,AR) 186.42.113.6 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None EC TO-S-2020-0303 Malicious Email Activity 186.46.113.104 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None EC TO-S-2020-0493 Malware Activity 186.46.160.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None EC TO-S-2020-0298 Malicious Email Activity 186.46.204.0 24 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE 
#5606 TO-S-2021-1338 186.46.234.26 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 186.47.120.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None EC TO-S-2020-0298 Malicious Email Activity 186.47.16.252 24 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=252,EC) 186.48.144.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,UY) 186.48.48.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.49.11.21 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None UY TO-S-2020-0298 Malicious Email Activity 186.5.134.44 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None PA TO-S-2020-0236 Malicious Email Activity 186.5.31.90 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None EC TO-S-2020-0303 Malicious Email Activity 186.5.62.214 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None EC TO-S-2020-0298 Malicious Email Activity 186.50.16.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,UY) 186.52.160.0 20 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,UY) 186.52.213.74 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 186.54.128.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None UY TO-S-2020-0331 Malicious Web Application Activity 186.54.80.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None UY TO-S-2020-0331 Malicious Web Application Activity 186.58.168.178 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=178,AR) 186.59.91.74 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None AR TO-S-2020-0303 Malicious Email Activity 186.64.116.25 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 
COLS-NA-TIP-20-0344 (IP=25,CL) 186.67.208.78 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None CL TO-S-2020-0503 Malicious Email Activity 186.67.90.108 24 RB None 2019-04-28 00:00:00 2021-08-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=108 CL) | updated by RR with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=108,CL) | updated by CR Block was inactive. Reactivated on 20210511 with reason HTTP: ThinkPHP CM 186.69.215.191 24 BMP None 2020-10-11 00:00:00 2021-01-09 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=191,EC) 186.7.117.94 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Web Attacks (IP=94,DO) 186.74.95.236 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 186.77.202.239 24 RR None 2021-06-20 00:00:00 2021-09-18 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=239,NI) 186.79.168.255 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CL TO-S-2020-0298 Malicious Email Activity 186.88.192.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PA TO-S-2020-0298 Malicious Email Activity 186.94.32.126 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=126,VE) 187.0.168.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 187.1.128.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None BR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 187.1.172.157 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=157,BR) 187.1.80.0 20 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,BR) 187.102.16.0 20 dbc 
TO-S-2020-0298 Malicious Email Activity 188.191.160.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 188.191.232.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,UA) 188.191.28.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 188.193.187.159 24 RB None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SERVER-WEBAPP Terramaster TOS command injection attempt - 6hr web attacks (IP=159,DE) 188.199.128.211 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SI Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 188.2.217.94 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None RS TO-S-2021-0876 Hive Case 4166 Malware Activity 188.203.224.70 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 188.203.224.70 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 188.209.98.115 24 EE None 2020-12-31 00:00:00 2021-03-31 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web attacks (IP=115,RO) 188.213.49.146 24 EE None 2021-01-14 00:00:00 2021-04-14 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=146,RO) 188.214.30.76 24 EE None 2021-07-01 00:00:00 2021-09-29 00:00:00 None HIVE Case #5743 IOC_ Russian GRU Conducting Global Brute Force (IP=76,RO) 188.215.230.2 32 wmp None 2020-06-19 00:00:00 2021-03-04 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=2,FR) | updated by srm Block was inactive. Reactivated on 20201204 with reason HIVE Case #4468 COLS-NA-TIP-20-0391 (IP=2,FR) 188.215.230.2 32 wmp None 2020-09-03 00:00:00 2021-03-04 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=2,FR) | updated by srm Block was inactive. 
Reactivated on 20201204 with reason HIVE Case #4468 COLS-NA-TIP-20-0391 (IP=2,FR) 188.215.244.0 23 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None RO TO-S-2020-0805 Malicious Email Activity 188.216.5.54 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IT TO-S-2020-0459 Malware Activity 188.217.238.230 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity 188.217.244.81 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 188.22.192.186 24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web attacks (IP=186,AT) 188.223.70.176 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 188.225.96.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 188.226.133.180 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 188.227.186.13 32 FT None 2021-02-25 00:00:00 2021-08-06 00:00:00 None Unauthorized Access-Probe - TT# 21C00530 (IP=13,GB) | updated by CR Block expiration extended with reason Unauthorized Access-Probe - 21C01130 (IP=13,US) 188.23.173.198 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 188.24.25.68 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=68,RO) 188.241.58.103 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=103,RO) 188.241.60.50 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ES TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 188.241.68.121 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None SE TO-S-2020-0315 Malicious Email Activity 188.242.167.159 32 srm None 
2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=159,RU) 188.243.178.215 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=215,RU) 188.247.130.80 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 188.247.75.136 32 wmp None 2021-06-22 00:00:00 2021-09-22 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=136,JO) 188.247.75.202 32 wmp None 2021-06-15 00:00:00 2021-09-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=202,JO) 188.247.79.1 24 CR None 2021-06-29 00:00:00 2021-09-27 00:00:00 None ESM High Attacker Suspicious Scan Activity (IP=1,JO) 188.250.249.131 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PT TO-S-2020-0303 Malicious Email Activity 188.251.16.198 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None PT TO-S-2020-0698 Malware Activity 188.251.213.180 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None PT TO-S-2021-0876 Hive Case 4166 Malware Activity 188.26.223.213 24 KH None 2021-07-30 00:00:00 2021-10-28 00:00:00 None SQL injection - Web Attacks (IP=213,ES) 188.3.139.158 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None TR TO-S-2020-0535 Malware Activity 188.3.72.75 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 188.3.86.184 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 188.36.121.165 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 188.4.35.246 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GR TO-S-2020-0298 Malicious Email Activity 188.40.183.21 24 RR None 2021-09-07 00:00:00 2021-12-06 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - Web Attacks 
(IP=21,DE) 188.40.236.83 24 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=83,DE) 188.48.202.123 24 RR None 2021-06-19 00:00:00 2021-09-17 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=123,SA) 188.50.224.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,SA) 188.53.80.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 188.54.70.15 24 CR None 2021-05-18 00:00:00 2021-08-16 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=15,SA) 188.59.201.233 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 188.64.184.32 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None GB TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 188.65.16.0 22 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None CN TO-S-2020-0236 Malicious Email Activity 188.65.46.186 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=186,PL) 188.65.46.186 32 CR None 2021-07-09 00:00:00 2021-10-07 00:00:00 None High Attacker Suspicious Scan Activity - ArcSight ESM (IP=186,PL) 188.68.0.12 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malware Activity 188.68.0.63 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malware Activity 188.68.36.155 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=155,DE) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=155,DE) 188.70.10.204 24 CR None 2021-06-29 00:00:00 2021-09-27 00:00:00 None ESM High Attacker Suspicious Scan Activity (IP=201,KW) 188.72.205.231 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None NL 
TO-S-2020-0535 Malware Activity 188.75.129.130 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CZ TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 188.75.143.162 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CZ TO-S-2020-0303 Malicious Email Activity 188.75.224.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 188.79.4.175 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None ES TO-S-2020-0493 Malware Activity 188.80.168.152 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None PT TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 188.81.133.92 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PT TO-S-2020-0298 Malicious Email Activity 188.81.220.190 24 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None File /etc/passwd Access Attempt Detect- IPS Events (IP=190,PT) 188.82.115.119 24 BMP None 2021-04-17 00:00:00 2021-07-17 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=119,PT) 188.82.123.197 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PT TO-S-2020-0331 Malicious Web Application Activity 188.83.220.2 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None PT TO-S-2021-0876 Hive Case 4166 Malware Activity 188.9.242.178 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IT TO-S-2020-0459 Malware Activity 188.93.208.0 21 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None RU TO-S-2020-0535 Malicious Email Activity 188.93.231.14 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None PT TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 188.93.234.31 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None PT TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 188.94.32.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 188.95.58.54 32 dbc None 2020-02-14 00:00:00 
2021-02-14 00:00:00 None CZ TO-S-2020-0298 Malicious Email Activity 189.1.128.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.1.160.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 189.113.131.44 24 RW None 2021-05-08 00:00:00 2021-09-03 00:00:00 None SSH2 Failed Login Attempt - 6 hr failed logons (IP=44,BR) | updated by RR Block expiration extended with reason SSH2 Failed Login Attempt - Failed Logons (IP=44,BR) 189.115.110.221 24 DT None 2021-09-30 00:00:00 2021-12-29 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=221,BR) 189.126.192.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malware Activity 189.127.32.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity 189.129.211.223 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None MX TO-S-2020-0459 Malware Activity 189.129.7.75 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.129.8.76 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.129.93.21 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.130.173.90 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.131.9.218 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None MX TO-S-2020-0303 Malicious Email Activity 189.132.152.110 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.132.159.36 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MX TO-S-2020-0298 Malicious Email Activity 189.132.3.101 32 dbc None 2020-02-14 
00:00:00 2021-02-14 00:00:00 None MX TO-S-2020-0298 Malicious Email Activity 189.132.76.152 24 GM None 2021-01-12 00:00:00 2021-04-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=152,MX) 189.134.147.57 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.134.24.137 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None MX TO-S-2020-0303 Malicious Email Activity 189.135.91.169 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MX TO-S-2020-0331 Malicious Web Application Activity 189.139.1.196 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None MX TO-S-2020-0493 Malware Activity 189.139.124.253 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None MX TO-S-2020-0493 Malware Activity 189.141.25.1 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.142.80.213 24 UA None 2021-05-27 00:00:00 2021-08-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=213,MX) 189.144.26.86 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.144.38.66 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.145.213.40 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=40,CN) 189.146.250.28 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.147.39.11 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.147.73.80 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MX TO-S-2020-0298 Malicious Email Activity 189.148.57.143 32 dbc None 2020-10-29 
00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.148.96.25 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.151.149.42 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None MX TO-S-2020-0303 Malicious Email Activity 189.152.123.80 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MX TO-S-2020-0298 Malicious Email Activity 189.152.218.160 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None MX Hive Case 4237 TO-S-2021-0910 Malware Activity 189.152.92.198 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=198,MX) 189.153.141.148 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MX TO-S-2020-0331 Malicious Web Application Activity 189.153.153.211 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MX TO-S-2020-0331 Malicious Web Application Activity 189.154.127.97 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.154.181.246 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 189.155.9.184 24 BMP None 2021-01-19 00:00:00 2021-04-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=184,MX) 189.156.19.233 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.156.87.156 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.157.163.253 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=253,MX) 189.16.26.133 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=133,BR) 189.161.154.181 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MX TO-S-2020-0298 Malicious Email Activity 
189.162.123.139 24 EE None 2021-01-13 00:00:00 2021-04-13 00:00:00 None SSH2 Failed Login Attempt - 6 HR Failed Logons (IP=139,MX) 189.162.189.159 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SSH2 Failed Login Attempt - 6hr Failed Logons (IP=159,MX) 189.162.41.196 24 KH None 2021-07-26 00:00:00 2021-10-24 00:00:00 None SSH2 Failed Login Attempt - Failed Logons (IP=196,MX) 189.162.72.0 21 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,MX) 189.163.37.75 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MX TO-S-2020-0298 Malicious Email Activity 189.164.70.56 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.166.33.198 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.167.213.177 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.168.26.203 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.170.114.143 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 189.171.30.232 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None MX TO-S-2020-0459 Malware Activity 189.172.159.165 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MX TO-S-2020-0331 Malicious Web Application Activity 189.173.171.52 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None MX TO-S-2020-0303 Malicious Email Activity 189.173.32.35 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=35,MX) 189.175.57.138 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.179.164.229 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None MX TO-S-2020-0493 Malware Activity 189.180.147.82 32 
dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.180.156.202 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MX TO-S-2020-0331 Malicious Web Application Activity 189.183.167.186 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.183.74.227 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.186.112.66 24 RW None 2021-02-28 00:00:00 2021-05-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=66,MX) 189.186.146.30 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MX TO-S-2020-0298 Malicious Email Activity 189.186.40.0 21 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,MX) 189.186.74.127 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.189.159.235 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.190.26.127 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.190.53.12 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None MX TO-S-2020-0303 Malicious Email Activity 189.195.41.98 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None MX TO-S-2020-0493 Malware Activity 189.197.60.26 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None MX TO-S-2020-0459 Malware Activity 189.2.177.210 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None BR TO-S-2021-0876 Hive Case 4166 Malware Activity 189.20.158.170 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=170,BR) 189.201.249.154 24 GM None 2020-10-25 00:00:00 2021-01-25 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS 
(IP=154,BR) 189.201.250.184 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=184,BR) 189.202.201.129 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MX TO-S-2020-0331 Malicious Web Application Activity 189.203.141.212 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None MX Hive Case 4237 TO-S-2021-0910 Malware Activity 189.203.162.70 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None MX TO-S-2020-0303 Malicious Email Activity 189.203.164.135 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MX TO-S-2020-0331 Malicious Web Application Activity 189.203.184.57 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MX TO-S-2020-0298 Malicious Email Activity 189.203.77.217 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None MX TO-S-2020-0303 Malicious Email Activity 189.204.26.203 24 DT None 2021-02-20 00:00:00 2021-05-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=203,MX) 189.204.46.243 24 BMP None 2020-10-19 00:00:00 2021-01-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=243,MX) 189.209.115.106 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.210.26.164 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None MX Hive Case 4237 TO-S-2021-0910 Malware Activity 189.212.199.126 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None MX TO-S-2021-0876 Hive Case 4166 Malware Activity 189.213.227.180 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.220.249.67 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.222.244.225 24 FT None 2020-11-09 00:00:00 2021-02-09 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6hr web attacks (IP=225,MX) 189.222.46.74 24 
EE None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack(IP=74,MX) 189.222.85.208 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=208,MX) 189.222.94.241 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.223.125.247 24 DT None 2021-04-24 00:00:00 2021-07-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=208,JP) 189.223.199.163 24 EE None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt (1:50182:1) - Sourcefire (IP=163,MX) | updated by RW Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=163,MX) 189.223.208.162 24 RB None 2021-01-18 00:00:00 2021-04-18 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=162,MX) 189.223.225.50 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=50,MX) 189.225.195.217 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.225.40.252 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.226.49.84 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.229.67.46 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.232.168.54 24 RR None 2020-10-27 00:00:00 2021-01-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=54,MX) 189.232.99.3 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 
189.235.146.162 32 RW None 2020-10-18 00:00:00 2021-01-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=162,MX) 189.235.243.234 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.236.253.169 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.236.68.207 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability_Web Attack report (IP=207,MX) 189.237.109.242 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None MX TO-S-2020-0459 Malware Activity 189.237.238.28 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.240.58.174 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None MX Hive Case 4237 TO-S-2021-0910 Malware Activity 189.240.75.229 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=229,MX) 189.242.21.50 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.242.236.227 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.242.32.114 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.243.122.208 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MX TO-S-2020-0331 Malicious Web Application Activity 189.248.159.241 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.249.88.56 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 189.252.120.153 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None MX Hive Case 4237 
Activity 192.169.152.219 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 192.169.154.145 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 192.169.164.79 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity 192.169.173.144 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 192.169.180.26 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=26,US) 192.169.201.143 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 192.169.218.12 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 192.169.220.85 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 192.169.221.188 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 192.169.231.213 32 CW None 2019-07-25 00:00:00 2021-04-23 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt_SourceFire (IP=13,US) | updated by CR with reason SERVER-WEBAPP Drupal 8 remote code execution attempt_web attacks (IP=213,US) | updated by RR with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Ex 192.169.80.154 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 192.169.81.138 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 192.175.107.4 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None CA TO-S-2020-0459 Malware Activity 192.175.111.243 24 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - SourceFire (IP=243,CA) 192.175.117.103 24 RR None 2021-03-06 00:00:00 2021-06-04 00:00:00 None 
INDICATOR-COMPROMISE PHP backdoor communication attempt - SourceFire (IP=103,CA) 192.175.117.105 24 FT None 2021-03-05 00:00:00 2021-06-03 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - 6 HR Web Attacks (IP=105,CA) 192.184.0.216 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=216,US) 192.185.0.218 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=218,US) 192.185.102.22 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=22,US) 192.185.104.232 32 wmp None 2020-09-15 00:00:00 2021-10-21 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=232,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 192.185.104.50 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=50,US) 192.185.104.70 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 192.185.105.220 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity 192.185.105.9 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=9,US) 192.185.106.14 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 192.185.107.186 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 192.185.108.215 32 NAB None 2020-11-10 00:00:00 2021-02-08 00:00:00 None HIVE Case #4282 COLS-NA-TIP-20-0345 (IP=215,US) 192.185.108.85 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=85,US) 192.185.109.57 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 192.185.110.227 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 
Malicious Email Activity 192.185.112.211 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 192.185.113.201 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 192.185.113.23 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 192.185.114.100 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=100,US) 192.185.114.200 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=200,US) 192.185.115.125 32 wmp None 2020-07-17 00:00:00 2021-09-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=125,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity 192.185.117.217 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=217,US) 192.185.12.228 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=228,US) 192.185.12.23 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=23,US) 192.185.12.234 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=234,US) 192.185.121.133 32 dbc None 2015-05-13 05:00:00 2021-10-30 00:00:00 None Malicious.URL CMS=439394510 (IP=133, US) | updated by NAB Block was inactive. 
Reactivated on 20210430 with reason HIVE Case #5320 TO-S-21-1247 (IP=133,US) 192.185.121.48 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=48,US) 192.185.122.49 32 wmp None 2020-07-17 00:00:00 2021-09-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=49,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity 192.185.122.5 32 wmp None 2020-07-17 00:00:00 2021-09-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=5,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity 192.185.122.7 32 wmp None 2020-07-15 00:00:00 2021-09-17 00:00:00 None HIVE Case #3341 COLS-NA-TIP-20-0219 (IP=7,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity 192.185.123.214 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity 192.185.129.116 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 192.185.129.121 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 192.185.129.139 32 dbc None 2019-03-28 00:00:00 2021-01-28 00:00:00 None US TO-S-2019-0546 Malicious Web Application Activity | updated by NAB Block was inactive. Reactivated on 20201030 with reason HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=139,US) 192.185.129.252 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity 192.185.129.4 32 dbc None 2019-04-08 00:00:00 2021-03-09 00:00:00 None US TO-S-2019-0577 Malicious Email Activity | updated by NAB Block was inactive. 
Reactivated on 20201209 with reason HIVE Case #4509 COLS-NA-TIP-20-0396 (IP=4,US) 192.185.129.5 32 wmp None 2020-08-20 00:00:00 2021-09-23 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=5,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 192.185.129.53 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 192.185.129.60 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 192.185.129.82 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 192.185.129.84 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 192.185.130.11 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=11,US) 192.185.130.146 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 192.185.130.155 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 192.185.130.21 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 192.185.130.212 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=212,US) 192.185.130.220 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malicious Email Activity 192.185.130.221 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 192.185.130.227 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=227,US) 192.185.130.71 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=71,US) 192.185.130.80 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 
192.185.131.135 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=135,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=135,US) 192.185.131.54 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 192.185.131.63 32 NAB None 2020-11-12 00:00:00 2021-11-19 00:00:00 None HIVE Case #4301 COLS-NA-TIP-20-3049 (IP=63,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 192.185.134.62 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=62,US) 192.185.137.219 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=219,US) 192.185.140.144 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 192.185.141.117 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity 192.185.141.131 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=131,US) 192.185.141.142 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=142,US) 192.185.141.147 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=147,US) 192.185.143.196 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=196,US) 192.185.143.2 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=2,US) 192.185.144.192 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 192.185.144.73 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 192.185.144.87 32 dbc None 2020-11-03 00:00:00 2021-11-03 
00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 192.185.146.109 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 192.185.146.227 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 192.185.146.240 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 192.185.146.25 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 192.185.147.1 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=1,US) 192.185.147.203 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 192.185.148.210 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=210,US) 192.185.150.99 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 192.185.152.173 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 192.185.152.202 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 192.185.153.129 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 192.185.153.99 32 JKC None 2021-06-08 00:00:00 2021-06-08 00:00:00 None Malicious IP Hive Case 2977 TIPPER 20-0172 (ip=99, US) 192.185.154.196 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 192.185.154.25 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 192.185.156.59 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 192.185.156.87 32 wmp None 2020-08-05 
00:00:00 2021-10-08 00:00:00 None HIVE Case #3445 COLS-NA-TIP-20-0243 (IP=87,US) | updated by wmp Block expiration extended with reason HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=87,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=87,US) 192.185.157.191 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=191,US) 192.185.158.115 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=115,US) 192.185.158.230 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 192.185.159.244 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=244,US) 192.185.16.190 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 192.185.16.228 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=228,US) 192.185.160.45 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 192.185.162.211 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 192.185.163.19 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 192.185.165.90 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=90,US) 192.185.165.91 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=91,US) 192.185.165.97 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=97,US) 192.185.166.227 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=227,US) 192.185.167.110 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 192.185.167.112 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case 
# 5273 IOC_TO-S-2021-1233 Malicious callback IP 192.185.167.135 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 192.185.167.137 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 192.185.167.194 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=194,US) 192.185.167.57 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 192.185.169.181 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=181,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=181,US) 192.185.17.114 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=114,US) 192.185.17.126 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 192.185.171.4 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity 192.185.173.162 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 192.185.173.184 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 192.185.173.249 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=249,US) 192.185.173.43 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 192.185.174.59 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=59,US) 192.185.175.68 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=68,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=68,US) 192.185.185.204 32 TLM 
None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=204,US) 192.185.185.210 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 192.185.185.216 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 192.185.185.218 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 192.185.186.18 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 192.185.187.123 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=123,US) 192.185.188.170 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=170,US) 192.185.189.166 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 192.185.189.62 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=62,US) 192.185.190.240 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=240,US) 192.185.20.36 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 192.185.21.198 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 192.185.22.201 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 192.185.225.215 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 192.185.227.40 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 192.185.23.100 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 192.185.24.170 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity 192.185.24.60 
32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 192.185.25.228 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 192.185.25.241 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 192.185.26.18 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 192.185.27.18 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=18,US) 192.185.3.132 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 192.185.30.218 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=218,US) 192.185.31.203 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 192.185.32.234 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 192.185.32.25 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 192.185.32.98 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 192.185.33.202 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=202,US) 192.185.38.10 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 192.185.38.177 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=177,US) 192.185.39.231 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 192.185.39.71 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=71,US) 192.185.4.30 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US 
TO-S-2020-0493 Malware Activity 192.185.41.180 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=180,US) 192.185.41.182 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 192.185.41.192 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity 192.185.48.196 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 192.185.48.205 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=205,US) 192.185.48.219 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=219,US) 192.185.52.114 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 192.185.55.159 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=159,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=159,US) 192.185.56.35 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 192.185.6.41 32 wmp None 2018-07-24 05:00:00 2021-02-20 00:00:00 None possible sql injection attempt (IP=41,US) | updated by dbc Block was inactive. 
Reactivated on 20200220 with reason US TO-S-2020-0303 Malicious Web Application Activity 192.185.70.244 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=244,US) 192.185.73.159 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 192.185.73.57 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity 192.185.73.72 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 192.185.73.80 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 192.185.76.60 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=60,US) 192.185.78.138 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 192.185.78.189 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=189,US) 192.185.78.52 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 192.185.78.9 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=9,US) 192.185.79.119 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity 192.185.79.20 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity 192.185.79.67 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 192.185.81.166 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 192.185.81.61 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 192.185.82.140 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 192.185.83.204 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 
None US TO-S-2020-0459 Malware Activity 192.185.84.191 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 192.185.87.235 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 192.185.87.251 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 192.185.88.21 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=21,US) 192.185.90.221 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=221,US) 192.185.92.174 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 192.185.93.202 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 192.185.93.235 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=235,US) 192.185.93.242 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=242,US) 192.185.94.10 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity 192.185.96.78 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 192.185.97.253 32 srm None 2020-12-16 00:00:00 2021-03-16 00:00:00 None HIVE Case #4560 COLS-NA-TIP-20-0406 (IP=253,US) 192.185.98.49 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 192.185.98.9 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=9,US) 192.185.98.93 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 192.185.99.185 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 
192.186.211.6 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
192.186.212.71 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
192.186.230.227 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.186.252.194 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unaffiliated TO-S-2020-0592 Malicious Email Activity
192.187.111.219 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
192.187.111.220 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=220,US)
192.190.85.105 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=105,US)
192.196.156.103 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=103,US)
192.196.159.143 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
192.198.90.194 32 wmp None 2020-06-19 00:00:00 2021-08-24 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=194,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0750 Malicious Email Activity
192.199.242.210 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.200.102.58 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
192.200.97.34 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
192.210.191.163 32 wmp None 2021-02-12 00:00:00 2021-05-12 00:00:00 None Firepower Suspicious Scan Activity (IP=163,US)
192.210.199.68 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
192.210.203.117 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=117,US)
192.210.213.178 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None US TO-S-2020-0236 Malware Activity
192.210.213.228 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=228,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=228,US)
192.210.217.94 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity
192.210.232.70 32 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=70,US)
192.210.232.91 32 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=91,US)
192.210.238.10 32 dbc None 2020-05-13 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity | updated by dbc Block expiration extended with reason Unaffiliated TO-S-2020-0601 Malicious Email Activity
192.210.238.27 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
192.210.238.6 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
192.210.238.9 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
192.227.132.201 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
192.227.137.68 32 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=68,US)
192.227.137.69 32 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=69,US)
192.227.185.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=0,US)
192.227.209.162 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
192.227.215.42 32 dlb None 2015-04-21 05:00:00 2021-05-07 00:00:00 None TCP Host Sweeps (IP=42, US) | updated by RB Block was inactive. Reactivated on 20210206 with reason Unauthorized Access-Probe/UDP: Host Sweep - TT# 21C00472 (IP=42,US)
192.227.223.178 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity
192.227.223.181 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity
192.227.223.185 32 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=185,US)
192.227.230.72 32 ged None 2016-06-03 05:00:00 2021-07-15 00:00:00 None ET SCAN Potential SSH Scan (IP=72, US) | updated by wmp Block was inactive. Reactivated on 20210415 with reason McAfee IDS Report Suspicious Scan Activity (IP=72,US)
192.227.246.24 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malware Activity
192.227.247.177 32 NAB None 2020-11-27 00:00:00 2021-12-11 00:00:00 None HIVE Case #4410 COLS-NA-TIP-20-0383 (IP=177,US) | updated by jkc Block expiration extended with reason US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
192.232.196.172 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
192.232.199.233 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity
192.232.211.204 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
192.232.216.129 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=129,US)
192.232.219.91 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=91,US)
192.232.221.72 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
192.232.223.60 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
192.232.236.162 32 wmp None 2020-08-25 00:00:00 2021-10-08 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=162,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=162,US)
192.232.246.92 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity
192.236.160.236 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=236,US)
192.236.163.32 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=32,US)
192.236.163.99 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
192.236.177.74 32 FT None 2020-10-18 00:00:00 2021-01-18 00:00:00 None Known Attack Tool User Agent V2 / BOT: Muieblackcat Traffic Detected I - TT# 21C00144 (IP=74,US)
192.236.178.252 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=252,US)
192.236.178.58 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=58,US)
192.236.192.176 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
192.236.192.3 32 CR None 2019-12-27 00:00:00 2021-08-24 00:00:00 None Unauthorized Access-Probe - TT# 20C01252 (IP=3,US) | updated by wmp Block was inactive. Reactivated on 20200713 with reason HIVE Case #3322 CTO-20-193 (IP=3,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0750 Malware Activity
192.236.192.4 32 CR None 2019-12-27 00:00:00 2021-08-24 00:00:00 None Unauthorized Access-Probe - TT# 20C01250 (IP=4,US) | updated by dbc Block was inactive. Reactivated on 20200824 with reason US TO-S-2020-0750 Malware Activity
192.236.194.247 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
192.236.199.243 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=243,US)
192.237.207.230 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity
192.237.207.231 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity
192.240.54.36 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
192.241.129.133 32 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=133,US)
192.241.131.136 32 MLJ None 2018-02-20 06:00:00 2021-05-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=136,US) | updated by BMP Block was inactive. Reactivated on 20200130 with reason SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=136,US) | updated by RW Block expiration extended with reason S
192.241.134.66 24 RR None 2021-05-20 00:00:00 2021-08-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - SourceFire (IP=66,US)
192.241.134.66 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=6,US)
192.241.137.198 32 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP generic SQL select statement possible sql injection - ABC Report (IP=198,US)
192.241.140.59 32 DT None 2021-04-23 00:00:00 2021-07-23 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT# 21C01071 (IP=59,US)
192.241.141.182 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
192.241.143.52 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity
192.241.146.193 32 RR None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SQL injection - Web Attacks (IP=193,US)
192.241.146.230 32 wmp None 2020-07-29 00:00:00 2021-10-08 00:00:00 None HIVE Case #3421 COLS-NA-TIP-20-0234 (IP=230,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=230,US)
192.241.146.84 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity
192.241.151.214 32 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=214,US)
192.241.155.243 32 BMP None 2021-03-10 00:00:00 2021-09-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=243,US) | updated by ZH Block was inactive. Reactivated on 20210612 with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Rpt (IP=243,US)
192.241.182.18 32 wmp None 2020-08-26 00:00:00 2021-10-21 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=18,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
192.241.182.50 32 NAB None 2020-10-30 00:00:00 2021-11-19 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=50,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.241.206.12 32 wmp None 2021-01-14 00:00:00 2021-04-14 00:00:00 None Suspicious Scan Activity (IP=12,US)
192.241.207.37 32 wmp None 2021-06-08 00:00:00 2021-09-08 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=37,US)
192.241.208.108 32 wmp None 2021-04-15 00:00:00 2021-07-15 00:00:00 None McAfee IDS Report Suspicious Scan Activity (IP=108,US)
192.241.209.196 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=196,US)
192.241.210.174 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=174,US)
192.241.211.97 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=97,US)
192.241.212.97 32 wmp None 2021-02-12 00:00:00 2021-05-12 00:00:00 None Imperva Suspicious Scan Activity (IP=97,US)
192.241.214.121 32 wmp None 2021-05-11 00:00:00 2021-08-11 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=121,US)
192.241.214.159 32 wmp None 2021-04-28 00:00:00 2021-07-28 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=159,US)
192.241.214.180 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=180,US)
192.241.214.48 32 wmp None 2021-04-29 00:00:00 2021-07-29 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=48,US)
192.241.214.9 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=9,US)
192.241.215.18 32 wmp None 2021-06-30 00:00:00 2021-09-30 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=18,US)
192.241.215.98 32 wmp None 2021-04-27 00:00:00 2021-07-27 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=98,US)
192.241.216.251 32 wmp None 2021-05-05 00:00:00 2021-08-05 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=251,US)
192.241.217.101 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=101,US)
192.241.217.174 32 RT None 2021-07-30 00:00:00 2021-10-28 00:00:00 None SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt (1:57244:4) - Sourcefire Report (IP=174,US)
192.241.217.180 32 wmp None 2021-05-04 00:00:00 2021-08-04 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=180,US)
192.241.217.91 32 wmp None 2021-05-10 00:00:00 2021-08-10 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=91,US)
192.241.218.229 32 wmp None 2021-06-14 00:00:00 2021-09-14 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=229,US)
192.241.219.56 32 wmp None 2021-03-05 00:00:00 2021-06-05 00:00:00 None McAfee Suspicious Scan Activity (IP=56,US)
192.241.219.71 32 wmp None 2021-06-15 00:00:00 2021-09-15 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=71,US)
192.241.219.80 32 wmp None 2021-04-26 00:00:00 2021-07-26 00:00:00 None McAfee IDS Report Suspicious Scan Activity (IP=80,US)
192.241.220.134 32 AR None 2021-05-18 00:00:00 2021-08-16 00:00:00 None Unauthorized Access-Probe - TT# 21C01189 (IP=134,US)
192.241.220.183 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity
192.241.220.251 32 wmp None 2021-03-01 00:00:00 2021-06-01 00:00:00 None Firepower Suspicious Scan Activity (IP=251,US)
192.241.220.59 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=59,US)
192.241.221.109 32 EE None 2021-04-19 00:00:00 2021-07-19 00:00:00 None HBSS High Attacker Suspicious Scan Activity (IP=109,US)
192.241.221.93 32 wmp None 2021-05-06 00:00:00 2021-08-06 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=93,US)
192.241.222.72 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=72,US)
192.241.222.91 24 DT None 2021-02-15 00:00:00 2021-05-15 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00502 (IP=91,US)
192.241.223.119 32 wmp None 2021-02-09 00:00:00 2021-05-09 00:00:00 None Imperva Suspicious Scan Activity (IP=119,US)
192.241.225.82 32 wmp None 2021-01-08 00:00:00 2021-04-08 00:00:00 None Suspicious Scan Activity (IP=82,US)
192.241.228.246 32 wmp None 2021-03-08 00:00:00 2021-06-08 00:00:00 None McAfee Suspicious Scan Activity (IP=246,US)
192.241.231.241 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=241,US)
192.241.237.61 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=61,US)
192.241.238.101 32 KF None 2020-03-31 00:00:00 2021-09-16 00:00:00 None TCP: SYN Host Sweep - ARCSight Sauron (IP=101,US) | updated by RT Block was inactive. Reactivated on 20210618 with reason Malicious Activity - TT# 21C01336 (IP=101,US)
192.241.238.245 32 RR None 2020-04-10 00:00:00 2021-09-16 00:00:00 None TCP: SYN Host Sweep- ARCSight Sauron (IP=245,US) | updated by RT Block was inactive. Reactivated on 20210618 with reason Malicious Activity - TT# 21C01336 (IP=245,US)
192.241.239.78 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=78,US)
192.241.239.81 32 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=81,US)
192.241.254.112 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity
192.241.255.149 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity
192.245.157.71 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=71,US)
192.248.155.158 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=158,GB)
192.248.162.79 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=79,GB)
192.248.179.243 24 DT None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - Web Attacks (IP=243,DE)
192.248.40.141 24 EE None 2021-04-07 00:00:00 2021-07-06 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=141,LK)
192.248.41.23 24 KH None 2021-07-26 00:00:00 2021-10-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=23,LK)
192.249.115.198 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=198,US)
192.249.115.22 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
192.249.115.83 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
192.249.118.159 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
192.249.119.102 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=102,US)
192.249.119.53 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
192.249.120.109 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
192.249.120.140 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
192.249.121.136 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.249.121.96 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
192.249.125.100 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=100,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=100,US)
192.250.224.179 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=179,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=179,US)
192.250.225.178 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=178,US)
192.254.134.1 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.254.165.218 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=218,US)
192.254.174.136 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=136,US)
192.254.176.18 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
192.254.181.24 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
192.254.185.156 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=156,US)
192.254.185.185 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.254.185.238 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.254.186.250 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
192.254.188.63 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=63,US)
192.254.190.141 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
192.254.190.20 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
192.254.207.43 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
192.254.224.77 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity
192.254.225.27 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.254.232.55 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity
192.254.233.216 32 TLM None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=216,US)
192.254.234.149 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity
192.254.234.60 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity
192.254.234.95 32 TLM None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=95,US)
192.254.235.21 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.254.236.175 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
192.254.236.95 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
192.254.245.21 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
192.254.74.90 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
192.255.166.72 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
192.255.235.31 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
192.255.235.43 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
192.26.8.4 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=4,US)
192.3.136.107 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity
192.3.136.119 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity
192.3.138.170 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=170,US)
192.3.138.58 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
192.3.141.157 32 NAB None 2021-05-11 00:00:00 2021-11-11 00:00:00 None HIVE Case #5422 DARKSIDE Ransomware (IP=157,US)
192.3.152.134 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.3.178.130 32 wmp None 2021-06-02 00:00:00 2021-09-02 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=130,US)
192.3.189.147 32 RW None 2021-05-08 00:00:00 2021-08-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=147,US)
192.3.199.196 32 NAB None 2020-10-30 00:00:00 2021-11-19 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=196,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.3.201.45 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=45,US)
192.3.201.55 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
192.3.204.115 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity
192.3.204.117 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Email Activity
192.3.31.212 32 dbc None 2020-06-04 00:00:00 2021-06-04 00:00:00 None US TO-S-2020-0587 Malicious Email Activity
192.3.41.204 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity
192.3.7.147 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
192.3.70.17 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity
192.3.73.34 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
192.3.81.110 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.30.89.67 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None CA TO-S-2020-0369 Malware Activity
192.34.128.70 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
192.35.168.0 23 RR None 2020-12-30 00:00:00 2021-04-01 00:00:00 None scanning activity against our CDAP server - - TT# 21C00378 (IP=0,US)
192.42.116.20 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00688 (IP=20,NL)
192.42.116.22 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malware Activity
192.42.116.25 32 EE None 2021-03-10 00:00:00 2021-06-08 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00666 (IP=25,NL)
192.46.212.17 32 BMP None 2021-07-03 00:00:00 2021-10-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=17,US)
192.51.188.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,JP)
192.53.123.127 24 EE None 2021-04-12 00:00:00 2021-07-11 00:00:00 None SERVER-WEBAPP generic SQL select statement possible sql injection (1:41817:2) - Sourcefire (IP=127,CA)
192.53.166.137 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=137,US)
192.55.55.39 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity
192.64.112.77 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=77,US)
192.64.113.157 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.64.113.199 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
192.64.114.188 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
192.64.114.212 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=212,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=212,US)
192.64.117.153 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=153,US)
192.64.117.217 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=217,US)
192.64.117.47 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=47,US)
192.64.118.49 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=49,US)
192.64.119.119 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
192.64.119.126 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
192.64.119.145 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
192.64.119.146 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.64.119.168 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
192.64.119.203 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
192.64.119.214 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=214,US)
192.64.119.221 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
192.64.119.223 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=223,US)
192.64.119.231 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity
192.64.119.254 32 dbc None 2019-04-29 00:00:00 2021-01-28 00:00:00 None US TO-S-2019-0631 Malicious Email Activity | updated by NAB Block was inactive. Reactivated on 20201030 with reason HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=254,US)
192.64.119.28 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
192.64.119.37 32 wmp None 2020-09-25 00:00:00 2021-11-03 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=37,US) | updated by dbc Block expiration extended with reason US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
192.64.119.42 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity
192.64.119.8 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity
192.64.119.80 32 wmp None 2020-09-15 00:00:00 2021-10-21 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=80,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
192.64.119.86 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=86,US)
192.64.119.93 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity
192.66.38.56 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=56,DK)
192.69.235.197 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
192.71.244.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=0,SI)
192.72.22.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TW TO-S-2020-0303 Malicious Email Activity
192.74.229.244 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None US TO-S-2020-0601 Malware Activity
192.81.129.103 32 RR None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SQL injection - Web Attacks (IP=103,US)
192.81.134.226 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
192.81.170.5 32 NAB None 2021-01-12 00:00:00 2021-04-12 00:00:00 None HIVE Case #NA FP Security (IP=5,CA)
192.81.211.160 32 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=160,US)
192.81.212.131 32 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=131,US)
192.81.212.192 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity
192.81.220.8 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=8,NL)
192.82.64.227 32 wmp None 2021-03-11 00:00:00 2021-09-17 00:00:00 None ArcSight High Attacker (IP=227,MN) | updated by wmp Block was inactive. Reactivated on 20210617 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=227,MN)
192.95.21.244 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
192.95.4.184 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malware Activity
192.99.111.1 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=1,CA)
192.99.137.205 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None CA TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.99.144.232 24 BMP None 2021-09-22 00:00:00 2021-12-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - WebAttacks (IP=232,CA)
192.99.147.163 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=163,CA)
192.99.154.125 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None CA TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.99.166.2 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CA Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
192.99.175.186 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
192.99.188.171 32 DT None 2021-02-10 00:00:00 2021-05-10 00:00:00 None Unauthorized Access-Probe / UDP Host Sweep - TT# 21C00482 (IP=171,CA)
192.99.20.96 32 NAB None 2020-10-30 00:00:00 2021-11-19 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=96,CA) | updated by dbc Block expiration extended with reason CA TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.99.221.77 24 EE None 2021-06-29 00:00:00 2021-09-27 00:00:00 None HIVE Case #5669 IOC_ Nobelium (IP=77,AE)
192.99.24.62 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity
192.99.246.11 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
192.99.246.133 24 RW None 2021-03-10 00:00:00 2021-08-16 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=133,CA) | updated by UA Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=133,CA)
192.99.34.142 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
192.99.63.2 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
192.99.68.159 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CA TO-S-2020-0298 Malicious Email Activity
192.99.7.198 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None CA TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
192.99.83.15 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
192.99.83.26 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
192.99.92.112 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity
193.0.9.10 24 ABC None 2021-03-26 00:00:00 2021-06-24 00:00:00 None UDP: Port Scan (IP=10,NL)
193.10.247.98 24 DT None 2020-10-21 00:00:00 2021-01-21 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=98,SE)
193.104.227.0 24 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=0,RU)
193.104.234.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=0,RU)
193.104.85.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None UA TO-S-2020-0331 Malicious Web Application Activity
193.105.126.18 24 RW None 2021-01-17 00:00:00 2021-04-17 00:00:00 None Authentication Failure - 6 hr failed logons (IP=18,RU)
193.105.228.135 24 DT None 2021-09-06 00:00:00 2021-12-05 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=135,IT)
193.105.73.127 24 RT None 2021-07-14 00:00:00 2021-10-12 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - 6hr Web Attack (IP=127,BE)
193.106.175.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
193.106.214.204 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=204,RU)
193.106.48.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None KG Hive Case 4237 TO-S-2021-0910 Malware Activity
193.107.102.0 23 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity
193.107.216.76 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None FTP Login Failed - 6 hr failed logons (IP=76,UK)
193.112.110.154 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=154,CN)
193.112.110.35 32 srm None 2021-02-02 00:00:00 2021-05-03 00:00:00 None Firepower Suspicious Scan Activity (IP=35,CN)
193.112.113.237 24 BMP None 2020-11-13 00:00:00 2021-02-11 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection
attempt - SourceFire (IP=237,CN) 193.112.118.79 24 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=79,CN) 193.112.130.111 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=111,CN) 193.112.153.27 24 GM None 2020-11-01 00:00:00 2021-02-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=27,CN) 193.112.192.63 24 BMP None 2020-10-17 00:00:00 2021-01-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=163,CN) 193.112.47.20 24 RR None 2021-06-20 00:00:00 2021-09-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=20,CN) 193.112.49.216 24 RR None 2020-11-26 00:00:00 2021-02-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=216,CN) 193.112.54.76 24 FT None 2020-11-01 00:00:00 2021-02-01 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - SourceFire (IP=76,CN) 193.112.63.109 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=109,CN) | updated by CR Block was inactive. Reactivated on 20191012 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=109,CN) 193.112.63.109 24 RB None 2021-06-06 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr web attacks (IP=109,CN) 193.112.63.109 24 YM None 2018-05-15 05:00:00 2021-09-04 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote command execution attempt (IP=109,CN) | updated by CR Block was inactive. 
Reactivated on 20191012 with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt_Sourcefire (IP=109,CN) 193.112.94.225 24 RB None 2020-12-09 00:00:00 2021-03-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=225,CN) 193.117.238.54 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=54,GB) 193.118.53.138 24 KH None 2021-07-22 00:00:00 2021-10-20 00:00:00 None SSLv2 Client Hello Request Detected - FE IPS (IP=138,NL) 193.118.53.194 32 wmp None 2021-05-11 00:00:00 2021-08-11 00:00:00 None SERVER-IIS Microsoft IIS Range header integer overflow attempt - SourceFire (IP=194,US) | updated by wmp Block was inactive. Reactivated on 20210511 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=194,NL) ArcSight ESM High Attacker 193.118.53.194 32 RR None 2020-04-30 00:00:00 2021-08-11 00:00:00 None SERVER-IIS Microsoft IIS Range header integer overflow attempt - SourceFire (IP=194,US) | updated by wmp Block was inactive. 
Reactivated on 20210511 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=194,NL) ArcSight ESM High Attacker 193.118.53.202 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=202,NL) 193.118.53.210 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=210,NL) 193.118.55.146 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None SSLv2 Client Hello Request Detected - Sourcefire (IP=146,NL) 193.122.123.145 24 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=145,KR) 193.122.162.116 32 BMP None 2020-11-17 00:00:00 2021-02-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=116,US) 193.122.54.85 32 BMP None 2020-10-01 00:00:00 2021-01-01 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=85,US) 193.123.70.211 24 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=211,AE) 193.126.238.50 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None PT TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 193.140.239.214 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None TR TO-S-2020-0601 Malware Activity 193.141.3.70 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 193.142.146.202 32 RB None 2020-12-14 00:00:00 2021-03-14 00:00:00 None Self-report / IP block - TT# 21C00287 (IP=202,NL) 193.142.146.21 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None NL TO-S-2020-0805 Malicious Web Application Activity 193.142.146.42 24 KD None 2021-06-28 00:00:00 2021-09-27 00:00:00 None Self Report / ColdFusion (4) / UDP:Host Sweep TT# 21C01379 (IP=42,DE) 193.142.146.53 32 dbc None 2020-10-29 
00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 193.142.59.77 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None NL TO-S-2020-0750 Malicious Email Activity 193.148.18.59 32 RB None 2020-11-11 00:00:00 2021-02-09 00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - 6hr web attacks (IP=59,US) 193.148.18.75 32 RR None 2020-12-11 00:00:00 2021-03-11 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=75,US) 193.150.88.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 193.151.82.82 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 193.16.220.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity 193.160.64.242 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None DE TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 193.161.193.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malware Activity 193.164.150.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity 193.164.195.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU) 193.168.147.14 24 EE None 2020-12-07 00:00:00 2021-03-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=14,FR) 193.168.152.229 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 193.168.194.101 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 193.168.194.51 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 193.169.189.202 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Email 
Activity 193.169.244.208 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=208,NL) 193.169.244.208 24 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:1) - SourceFire (IP=208,NL) 193.169.254.20 24 AR None 2021-06-09 00:00:00 2021-09-07 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6 HR Web Attack (IP= 20,PL) 193.169.254.20 24 RT None 2021-05-21 00:00:00 2021-09-07 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=20,PL) | updated by RR Block expiration extended with reason POLICY-OTHER Cisco IOS XE default one-time password login detected - SourceFire (IP=20,PO) POLICY-OTHER Cisco IOS XE de 193.169.254.20 24 RR None 2021-05-22 00:00:00 2021-09-07 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=20,PL) | updated by RR Block expiration extended with reason POLICY-OTHER Cisco IOS XE default one-time password login detected - SourceFire (IP=20,PO) POLICY-OTHER Cisco IOS XE de 193.169.254.20 24 KD None 2021-06-08 00:00:00 2021-09-07 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=20,PL) | updated by RR Block expiration extended with reason POLICY-OTHER Cisco IOS XE default one-time password login detected - SourceFire (IP=20,PO) POLICY-OTHER Cisco IOS XE de 193.169.255.250 24 RT None 2021-05-21 00:00:00 2021-09-04 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=250,PL) | updated by RR Block expiration extended with reason INDICATOR-OBFUSCATION select concat statement - possible sql injection - SourceFire (IP=250,PO) | updated by RR Block expiration 193.180.164.0 23 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None SE TO-S-2020-0303 Malicious Web Application Activity 193.181.64.0 24 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None SE TO-S-2020-0535 Malware Activity 193.187.88.0 
23 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None SE TO-S-2021-1007 Malware Activity 193.188.20.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity 193.188.64.0 19 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None JO TO-S-2020-0838 Malicious Web Application Activity 193.189.74.128 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None GB TO-S-2020-0838 Malicious Email Activity 193.19.252.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity 193.194.69.0 24 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None DZ TO-S-2020-0535 Malicious Email Activity 193.200.32.0 23 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None UA Hive Case 4237 TO-S-2021-0910 Malware Activity 193.202.110.0 24 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None DK TO-S-2020-0459 Malware Activity 193.202.110.0 24 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None DK TO-S-2020-0459 Malware Activity 193.202.110.20 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None DK TO-S-2020-0459 Malware Activity 193.202.110.23 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None DK TO-S-2020-0459 Malware Activity 193.202.80.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity 193.203.120.0 23 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity 193.203.204.118 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=118,RO) 193.203.36.0 22 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None RO TO-S-2020-0535 Malware Activity 193.203.8.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity 193.205.194.170 32 wmp None 2021-04-17 00:00:00 2021-07-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=170,IT) 193.205.219.57 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case 
#5320 TO-S-21-1247 (IP=57,IT) 193.219.96.100 24 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) -SourceFire (IP=100,ES) 193.226.20.244 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RO TO-S-2020-0303 Malicious Email Activity 193.226.64.0 24 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None RO TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 193.226.7.172 24 FT None 2020-11-04 00:00:00 2021-02-04 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=172,RO) 193.227.11.0 24 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None EG TO-S-2020-0838 Malware Activity 193.227.5.230 24 GM None 2019-05-20 00:00:00 2021-08-19 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=230,EG) | updated by RT Block was inactive. Reactivated on 20210521 with reason HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=230,EG) 193.228.132.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 193.228.193.153 24 RT None 2021-09-26 00:00:00 2021-12-25 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire Report (IP=153,NL) 193.228.91.108 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 193.228.91.12 32 wmp None 2020-07-17 00:00:00 2021-09-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=12,GB) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity 193.23.3.9 24 BB None 2021-07-31 00:00:00 2021-10-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=9,DE) 193.236.61.136 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PT Hive Case 4237 TO-S-2021-0910 Malware Activity 193.238.110.0 24 dbc None 2020-11-03 
00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity 193.239.137.37 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity 193.239.146.56 24 BMP None 2021-05-12 00:00:00 2021-08-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=56,) 193.239.147.35 24 RB None 2020-10-27 00:00:00 2021-01-25 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - 6hr web attacks (IP=35,NL) 193.239.154.0 24 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 193.239.212.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None OM Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 193.239.248.12 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AT TO-S-2020-0331 Malicious Web Application Activity 193.242.145.16 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=16,RU) 193.242.176.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 193.242.191.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 193.243.140.148 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=148,SL) 193.247.213.98 24 PS None 2021-05-26 00:00:00 2021-08-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (1:45749:2) (IP=98,RU) 193.248.48.91 24 RR None 2019-05-07 00:00:00 2021-01-27 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt #NAME? (IP=91,FR) | updated by RR Block was inactive. 
Reactivated on 20201029 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attcks (IP=91,FR) 193.25.214.130 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 193.252.218.184 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 193.254.229.151 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None TR TO-S-2020-0601 Malware Activity 193.26.21.19 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None FR TO-S-2020-0535 Malicious Email Activity 193.26.21.194 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=194,FR) 193.27.228.0 23 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU) 193.27.228.27 24 GM None 2020-10-08 00:00:00 2021-01-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=27,RU) 193.29.14.127 32 wmp None 2021-05-28 00:00:00 2021-08-28 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=127,RO) 193.29.14.127 24 CR None 2021-05-28 00:00:00 2021-08-27 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=127,RO) 193.29.15.246 24 EE None 2021-01-31 00:00:00 2021-04-30 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=246,RO) 193.29.187.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None OM Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 193.29.56.18 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None FR TO-S-2020-0369 Malicious Email Activity 193.30.249.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RS Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 193.32.126.158 24 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (IP=158,FR) 193.32.164.27 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower 
(IP=27,RU) 193.33.206.23 24 EE None 2021-03-28 00:00:00 2021-09-12 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks(IP=23,UA) | updated by RR Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Failed Logns (IP=23,UA) 193.34.172.0 23 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None UA TO-S-2020-0298 Malicious Email Activity 193.34.20.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None UA TO-S-2020-0331 Malicious Web Application Activity 193.35.48.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None RU TO-S-2020-0322 Malware Activity 193.36.116.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0315 Malware Activity 193.36.237.138 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 193.37.212.43 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None BG Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 193.37.215.104 24 BMP None 2021-03-18 00:00:00 2021-06-16 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - 6hr Web Attacks (IP=104,BG) 193.37.215.104 32 wmp None 2021-02-25 00:00:00 2021-05-25 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=104,CY) 193.37.252.217 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 193.37.252.78 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 193.37.255.26 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None SK TO-S-2020-0303 Malicious Web Application Activity 193.38.50.0 23 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None RU HIVE Case #3744 TO-S-2020-0772 Malicious Activity 193.40.148.79 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None EE TO-S-2021-0949 Hive Case 4363 Malicious Email Activity 193.41.136.0 23 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity 193.42.110.99 24 DT None 2021-03-30 00:00:00 
2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=99,NL) 193.42.143.184 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None ES TO-S-2020-0838 Malicious Email Activity 193.42.24.0 23 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None HK Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 193.46.197.111 32 wmp None 2020-09-16 00:00:00 2021-10-29 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=111,NL) | updated by dbc Block expiration extended with reason DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 193.46.254.152 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None ArcSight ESM High Attacker (IP=152,RO) 193.46.255.139 24 WR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SIP Express Router Contact Header Buffer Overflow - TT# 21C01361 193.46.255.233 32 RR None 2021-09-15 00:00:00 2021-12-14 00:00:00 None Unauthorized Access-Probe - TT# 21C01867 (IP=233,NL) 193.46.255.233 32 RR None 2021-09-15 00:00:00 2021-12-14 00:00:00 None Unauthorized Access-Probe - TT# 21C01867 (IP=233,NL) Unauthorized Access-Probe - TT# 21C01867 (IP=233,NL) 193.46.255.67 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None Unauthorized Access-Probe - TT# 21C00719 (IP=67,RO) 193.47.34.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 193.5.110.0 23 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity 193.56.116.140 24 RW None 2021-08-17 00:00:00 2021-11-15 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=140,FR) 193.56.253.66 24 GM None 2021-02-02 00:00:00 2021-05-02 00:00:00 None SERVER-WEBAPP JBoss admin-console access - Web Attacks (IP=66,AU) 193.56.28.187 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=187,GB) 193.56.28.239 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 
(IP=239,GB) 193.56.28.39 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=39,GB) 193.56.29.186 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=186,GB) 193.56.29.26 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - SourceFire (IP=26,GB) 193.56.37.1 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None FR TO-S-2020-0228 Malicious Email Activity 193.57.40.46 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malware Activity 193.70.117.117 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None PL TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 193.70.21.87 24 RR None 2020-11-26 00:00:00 2021-02-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=87,FR) 193.70.35.62 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C01337 (IP=62,FR) 193.70.35.95 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 193.70.35.95 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 193.70.47.107 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 193.70.79.66 24 KD None 2021-09-21 00:00:00 2021-12-22 00:00:00 None FILE-PDF Adobe Acrobat Reader pattern object memory corruption attempt - Sourcefire (IP=66,FR) 193.73.238.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity 193.8.82.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 193.8.82.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 193.86.25.221 32 dbc None 2020-02-20 
00:00:00 2021-02-20 00:00:00 None CZ TO-S-2020-0303 Malicious Email Activity 193.86.75.31 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CZ TO-S-2020-0298 Malicious Email Activity 193.86.99.5 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CZ TO-S-2020-0298 Malicious Email Activity 193.9.114.170 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None BE Hive Case 4237 TO-S-2021-0910 Malware Activity 193.90.12.122 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NO Hive Case 4187 TO-S-2021-0898 Malware Activity 193.93.192.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity 193.93.62.58 32 nab None 2021-01-06 00:00:00 2021-04-06 00:00:00 None HIVE Case #NA Web Server Port scanning (IP=58,LV) 193.93.62.61 32 nab None 2021-01-06 00:00:00 2021-04-06 00:00:00 None HIVE Case #NA Web Server Port scanning (IP=61,LV) 193.95.20.220 24 RR None 2021-05-24 00:00:00 2021-08-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=220,TU) | updated by SW Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=220,TN) 194.0.131.0 24 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None UA TO-S-2020-0535 Malware Activity 194.105.136.0 23 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity 194.107.18.64 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PL TO-S-2020-0298 Malicious Email Activity 194.126.40.118 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 194.127.172.237 24 EE None 2021-01-10 00:00:00 2021-08-24 00:00:00 None ROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=237,NL) | updated by PS Block was inactive. 
Reactivated on 20210526 with reason PROTOCOL-DNS DNS query amplification attempt - Sourcefire (1:28556:3) (IP= 237,NL) 194.133.122.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ZW TO-S-2020-0331 Malicious Web Application Activity 194.135.120.0 22 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None RU TO-S-2021-0989 Hive Case # 4493 Malicious Web Application Activity 194.135.90.30 24 BMP None 2021-05-25 00:00:00 2021-08-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=30,LT) 194.136.162.75 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=75,FI) 194.138.38.170 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 194.14.63.136 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None SE TO-S-2020-0535 Malware Activity 194.140.113.15 24 BMP None 2021-06-25 00:00:00 2021-09-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=15,DE) 194.141.8.35 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=35,BG) 194.143.248.65 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None HU TO-S-2020-0303 Malicious Email Activity 194.143.250.192 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HU TO-S-2020-0331 Malicious Web Application Activity 194.143.250.36 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None HU TO-S-2020-0303 Malicious Email Activity 194.143.251.231 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HU TO-S-2020-0331 Malicious Web Application Activity 194.146.110.0 24 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None UA TO-S-2020-0228 Malicious Web Application Activity 194.146.230.125 24 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=125,UA) 194.146.50.162 24 RB None 
unserialize code execution attempt - 6 hr failed logons (IP=2,ZW) | updated by RR Block expiration extended with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=2,ZW 197.221.238.14 24 BMP None 2021-05-05 00:00:00 2021-08-03 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=14,ZW) 197.221.246.46 24 RB None 2021-05-07 00:00:00 2021-08-05 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Sourcefire (IP=46,ZW) 197.221.254.193 24 BB None 2021-08-10 00:00:00 2021-11-08 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logon (IP=193,ZW) 197.221.91.46 32 BMP None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=46,US) 197.221.91.46 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=46,GH) 197.231.130.5 24 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=5,GM) 197.231.200.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SO TO-S-2020-0298 Malicious Email Activity 197.232.89.169 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=169,KE) 197.234.216.0 21 wmp None 2020-09-01 00:00:00 2021-09-17 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,BJ) | updated by dbc Block expiration extended with reason BJ TO-S-2020-0805 Malicious Web Application Activity 197.234.240.0 22 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ZA TO-S-2020-0459 Malware Activity 197.234.242.132 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ZA TO-S-2020-0459 Malware Activity 197.234.242.162 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ZA TO-S-2020-0459 Malware Activity 197.234.242.198 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ZA TO-S-2020-0459 
Malware Activity 197.234.242.84 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ZA TO-S-2020-0459 Malware Activity 197.234.244.0 24 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ZA TO-S-2020-0459 Malware Activity 197.234.245.0 24 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ZA TO-S-2020-0459 Malware Activity 197.243.57.168 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=168,RW) 197.243.89.35 24 KD None 2021-06-03 00:00:00 2021-09-03 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=35,RW) 197.246.16.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None EG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 197.246.171.252 24 GM None 2020-12-19 00:00:00 2021-03-19 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=252,EG) 197.248.178.162 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KE TO-S-2020-0298 Malicious Email Activity 197.248.206.38 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 197.248.34.106 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None KE TO-S-2020-0315 Malicious Web Application Activity 197.248.51.74 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 197.248.6.132 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=132,KE) 197.251.192.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 197.252.19.7 24 RW None 2020-11-06 00:00:00 2021-02-06 00:00:00 None Nuclei Vulnerability Scanner - Fireeye IPS (IP=7,SD) 197.252.209.141 24 KH None 2021-08-30 00:00:00 2021-11-28 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=141,SD) 197.252.3.231 24 RW None 2020-11-06 00:00:00 2021-02-06 00:00:00 None 
SERVER-OTHER Spring Data Commons remote code execution attempt - Sourcefire (IP=231,SD) 197.253.36.122 24 FT None 2020-10-17 00:00:00 2021-01-17 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=122,NG) 197.254.193.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,SD) 197.255.255.0 24 GLM None 2016-10-31 05:00:00 2021-10-29 00:00:00 None INDICATOR-COMPROMISE Suspicious .tk dns query (IP=2,NG) | updated by RR with reason INDICATOR-COMPROMISE Suspicious .tk dns q | updated by dbc Block was inactive. Reactivated on 20201029 with reason NE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaiss 197.255.41.109 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity 197.32.82.64 24 FT None 2021-01-24 00:00:00 2021-04-24 00:00:00 None SQL use of sleep function in HTTP header - likely SQL injection attempt (1:38993:9) - SourceFire (IP=64,EG) 197.35.227.238 24 KH None 2021-07-22 00:00:00 2021-10-20 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script - TT# 21C01472 (IP=238,EG) 197.43.61.86 24 BMP None 2021-01-01 00:00:00 2021-04-01 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=86,EG) 197.51.82.72 24 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepwer Suspicious Scan Activity (IP=72,EG) 197.52.231.148 24 RW None 2021-02-02 00:00:00 2021-05-02 00:00:00 None Authentication Failure - 6 hr failed logons (IP=148,EG) 197.55.149.217 24 RW None 2021-09-10 00:00:00 2021-12-09 00:00:00 None SQL injection - Web Attacks (IP=217,EG) 197.58.151.2 24 FT None 2021-02-22 00:00:00 2021-05-23 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr web attacks (IP=2,EG) 197.59.179.185 24 RB None 2021-06-06 00:00:00 2021-09-04 00:00:00 None HTTP: SQL Injection - Exploit - 6hr web attacks (IP=185,EG) 197.59.179.185 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None SQL 1 = 1 - possible sql 
injection attempt - SourceFire (IP=185,EG) 197.63.13.157 24 FT None 2020-11-20 00:00:00 2021-02-20 00:00:00 None SERVER-WEBAPP JBoss web console access attempt (1:24342:4) - Sourcefire (IP=157,EG) 197.89.33.198 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 197.89.76.28 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None ZA TO-S-2020-0535 Malware Activity 197.89.85.207 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 198.1.112.132 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 198.1.74.158 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 198.100.145.189 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None CA TO-S-2020-0459 Malware Activity 198.100.146.132 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 198.100.149.190 24 AR None 2021-06-09 00:00:00 2021-09-07 00:00:00 None HTTP Request Brute Force Attack - 6hr Failed Logons (IP=190,CA) | updated by AR Block expiration extended with reason Adobe ColdFusion Administrator Access Restriction - 6 HR Web Attack (IP=190,CA) Adobe ColdFusion Administrator Access Restriction - 6 198.100.149.190 24 BMP None 2021-06-03 00:00:00 2021-09-07 00:00:00 None HTTP Request Brute Force Attack - 6hr Failed Logons (IP=190,CA) | updated by AR Block expiration extended with reason Adobe ColdFusion Administrator Access Restriction - 6 HR Web Attack (IP=190,CA) Adobe ColdFusion Administrator Access Restriction - 6 198.100.149.190 24 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None HTTP Request Brute Force Attack - 6hr Failed Logons (IP=190,CA) 198.100.154.247 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 198.100.45.154 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 
None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 198.102.8.48 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=48,US) 198.108.66.112 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 198.108.66.240 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 198.108.66.80 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 198.108.67.16 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 198.11.211.210 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 198.12.121.164 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 198.12.144.78 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 198.12.145.135 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 198.12.153.41 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity 198.12.156.195 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 198.12.221.73 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 198.12.224.150 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 198.12.224.157 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 198.12.225.168 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 198.12.227.122 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 198.12.228.7 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 
Malicious Email Activity 198.12.248.239 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 198.12.252.188 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 198.12.253.102 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 198.12.71.108 32 BMP None 2021-05-03 00:00:00 2021-08-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=108,US) 198.13.60.221 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 198.134.109.101 32 BMP None 2020-10-17 00:00:00 2021-01-15 00:00:00 None SERVER-WEBAPP Blueimp jQuery File Upload arbitrary PHP file upload attempt - 6hr Web Attacks (IP=101,US) 198.143.129.162 32 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=162,US) 198.143.146.34 32 wmp None 2021-01-14 00:00:00 2021-04-14 00:00:00 None Suspicious Scan Activity (IP=34,US) 198.143.147.114 32 GM None 2020-12-25 00:00:00 2021-09-16 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=114,US) | updated by RT Block was inactive. Reactivated on 20210618 with reason Malicious Activity - TT# 21C01336 (IP=114,DE) 198.143.147.187 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 198.143.155.138 32 ABC None 2017-12-31 06:00:00 2021-02-14 00:00:00 None Generic ArcSight scan attempt (IP=138,US) | updated by dbc Block was inactive. Reactivated on 20200214 with reason US TO-S-2020-0298 Malicious Email Activity 198.143.155.186 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 198.143.158.82 32 RB None 2018-01-14 06:00:00 2021-02-14 00:00:00 None ET SCAN Potential SSH Scan (IP=82,US) | updated by dbc Block was inactive. 
Reactivated on 20200214 with reason US TO-S-2020-0298 Malicious Email Activity 198.143.175.42 32 GM None 2021-01-12 00:00:00 2021-04-12 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=175,US) 198.143.175.82 32 GM None 2020-11-22 00:00:00 2021-02-22 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=82,US) 198.143.185.10 32 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None SSLv2 Client Hello Request Detected - IPS Events (IP=10,US) 198.143.186.143 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=143,US) 198.144.120.177 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C00651 (IP=177,US) 198.144.149.130 24 FT None 2021-01-31 00:00:00 2021-05-01 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=130,CA) 198.144.149.253 32 jkc None 2020-06-26 00:00:00 2021-10-29 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=253,CA) | updated by dbc Block expiration extended with reason CA Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 198.144.149.254 32 jkc None 2020-06-26 00:00:00 2021-10-29 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip= 254,CA) | updated by dbc Block expiration extended with reason CA Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 198.144.158.120 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malware Activity 198.144.159.103 32 wmp None 2021-01-08 00:00:00 2021-04-08 00:00:00 None Suspicious Scan Activity (IP=103,CA) 198.144.159.117 32 wmp None 2021-02-12 00:00:00 2021-05-12 00:00:00 None ArcSight High Attacker (IP=117,CA) 198.144.159.119 32 RW None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Unauthorized Access-Probe - TT# 21C00442 (IP=119,CA) 198.144.159.130 24 BB None 2021-08-06 00:00:00 2021-11-04 00:00:00 None POLICY-OTHER PHP uri tag 
injection attempt - SourceFire (IP=130,CA) 198.144.159.45 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None ArcSight ESM High Attacker (IP=45,CA) 198.144.159.82 32 GM None 2021-02-02 00:00:00 2021-05-02 00:00:00 None Unauthorized Access-Probe / UDP Host Sweep - TT # 21C00461 (IP=82,CA) 198.148.101.252 32 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=252,US) 198.148.103.47 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 198.148.109.53 32 TLM None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=53,US) 198.178.125.158 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 198.182.163.115 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=115,US) 198.185.159.144 32 dbc None 2018-12-14 06:00:00 2021-01-26 00:00:00 None US TO-S-2019-0240.01 Malicious Email Activity | updated by NAB Block was inactive. Reactivated on 20201028 with reason HIVE Case #4192 COLS-NA-TIP-20-0322 (IP=144,US) 198.185.159.145 32 wmp None 2020-06-22 00:00:00 2021-01-28 00:00:00 None HIVE Case #3071 COLS-NA-TIP-20-0188 (IP=145,US) | updated by wmp Block expiration extended with reason HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=145,US) | updated by NAB Block was inactive. 
Reactivated on 20201030 with reason HIVE Case #4238 COLS-NA-TIP 198.186.236.30 32 wmp None 2020-07-21 00:00:00 2021-11-19 00:00:00 None HIVE Case #3375 COLS-NA-TIP-20-0230 (IP=30,US) | updated by wmp Block expiration extended with reason HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=30,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0941 Hive Case 4361 198.187.28.198 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 198.187.28.23 32 wmp None 2020-09-22 00:00:00 2021-10-29 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=23,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 198.187.29.106 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 198.187.29.127 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 198.187.29.14 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malware Activity 198.187.29.32 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 198.187.29.39 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity 198.187.29.56 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 198.187.29.67 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=67,US) 198.187.31.102 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 198.187.31.215 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 198.187.31.221 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 198.187.31.227 32 dbc None 2020-11-03 00:00:00 2021-11-03 
00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 198.187.31.39 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=39,US) 198.187.31.43 32 NAB None 2021-01-19 00:00:00 2021-04-19 00:00:00 None HIVE Case #NA FP Security (IP=43,US) 198.187.31.45 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=45,US) 198.187.31.58 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 198.199.105.61 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=61,US) 198.199.106.97 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 198.199.116.78 32 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=78,US) 198.199.122.124 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 198.199.65.175 32 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=175,US) 198.199.66.189 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None AU TO-S-2020-0236 Malicious Email Activity 198.199.68.196 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 198.199.70.208 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 198.199.72.120 32 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=120,US) 198.199.72.91 32 FT None 2021-04-13 00:00:00 2021-07-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=91,US) 198.199.77.35 32 EE None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: PHPUnit Remote 
Code Execution Vulnerability (CVE-2017-9841) - Web Attack(IP=35,US) 198.199.78.205 32 NAB None 2021-03-15 00:00:00 2021-06-13 00:00:00 None HIVE Case #NA - FP Security (IP=205,US) 198.199.80.219 32 KD None 2021-06-08 00:00:00 2021-09-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability- Web Attacks (IP=219,US) 198.199.83.161 32 BMP None 2021-01-11 00:00:00 2021-04-11 00:00:00 None Backdoor.TROCHILUS - Hive Case 4744 (IP=161,US) 198.199.83.161 24 RB None 2021-01-09 00:00:00 2021-04-09 00:00:00 None Suspicious Scan Activity - Hive Case #4744 (IP=161,CA) 198.199.85.244 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 198.199.86.61 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=61,US) 198.199.88.66 32 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr failed logons (IP=66,US) 198.199.98.171 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 198.199.98.33 32 RB None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=33,US) 198.2.132.180 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity 198.2.228.20 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None CN TO-S-2020-0805 Malicious activity 198.20.103.178 32 GM None 2020-07-10 00:00:00 2021-10-29 00:00:00 None HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 20C03414 (IP=178,US) | updated by dbc Block was inactive. 
Reactivated on 20201029 with reason NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 198.20.163.139 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 198.20.235.88 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 198.20.237.79 32 wmp None 2020-09-22 00:00:00 2021-10-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=79,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 198.20.87.98 32 jkc None 2015-11-24 06:00:00 2021-12-19 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=98 , US) | updated by ged with reason APP-DETECT failed FTP login attempt | updated by dbc with reason US TO-S-2019-0723 Malware Activity | updated by EE Block was inactive. Reactivated on 20210419 w | updated by KH Block was inactive. Reactivated on 20210920 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution - TT# 21C01904 (IP=98,US) 198.204.239.68 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=68,US) 198.204.249.29 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 198.211.10.193 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 198.211.10.20 32 NAB None 2020-10-28 00:00:00 2021-11-03 00:00:00 None HIVE Case #4192 COLS-NA-TIP-20-0322 (IP=20,US) | updated by dbc Block expiration extended with reason US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 198.211.10.227 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 198.211.107.92 32 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=92,US) 198.211.110.117 32 WR None 2021-06-03 00:00:00 2021-09-01 
00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01256 (IP=117,US) 198.211.113.45 32 GM None 2020-10-08 00:00:00 2021-01-08 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=45,US) 198.211.115.171 32 NAB None 2020-10-30 00:00:00 2021-11-19 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=171,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 198.211.117.14 32 FT None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=14,US) 198.211.120.234 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 198.211.120.8 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malicious Email Activity 198.211.34.78 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=78,US) 198.211.96.170 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 198.211.99.128 32 wmp None 2021-06-03 00:00:00 2021-09-03 00:00:00 None Palo Alto Suspicious Scan Activity (IP=128,US) 198.23.133.200 32 EE None 2021-04-13 00:00:00 2021-07-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=200,US) 198.23.159.84 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 198.23.189.58 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 198.23.194.179 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 198.23.194.180 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 198.23.203.246 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 198.23.209.11 32 jkc None 2021-04-21 00:00:00 
2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 198.23.213.234 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=234, US) 198.23.228.168 32 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=168,US) 198.23.229.170 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None Firepower Suspicious Scan Activity (IP=170,US) 198.23.233.200 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=200,US) 198.23.60.92 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 198.23.62.74 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 198.24.129.51 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 198.245.53.244 24 CR None 2021-01-06 00:00:00 2021-11-14 00:00:00 None Possible Cross-site Scripting Attack - IPS Events (IP=244,CA) | updated by RT Block was inactive. 
None FTP Login Failed - 6hr Logons (IP=205,KZ) 2.133.17.180 24 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=180,KZ) 2.133.69.239 24 EE None 2021-03-15 00:00:00 2021-06-13 00:00:00 None FTP Login Failed - Failed Logons (IP=239, KZ) 2.136.10.120 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None ES TO-S-2020-0493 Malware Activity 2.136.115.98 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ES Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 2.136.185.0 24 KH None 2021-09-04 00:00:00 2021-12-03 00:00:00 None Drupal Core CVE-2018-7600 Form Rendering Post_render RCE - FE IPS (IP=0,ES) 2.136.225.179 24 EE None 2021-03-12 00:00:00 2021-06-13 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - Web Attacks (IP=179,ES) | updated by RW Block expiration extended with reason SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - Sourcefire (IP=179,ES) 2.136.78.176 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ES TO-S-2020-0331 Malicious Web Application Activity 2.139.161.243 24 KH None 2021-09-27 00:00:00 2021-12-26 00:00:00 None Drupal Core CVE-2018-7600 Form Rendering Post_render RCE - FE IPS (IP=243,ES) 2.152.102.158 24 DT None 2021-09-12 00:00:00 2021-12-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=158,ES) 2.196.133.16 24 GM None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=16,IT) 2.202.121.251 24 RR None 2021-04-07 00:00:00 2021-07-06 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=251,DE) 2.21.85.10 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None DE TO-S-2020-0315 Malware Activity 2.223.213.96 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=96,GB) 
2.224.168.181 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity 2.229.101.114 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 2.232.192.5 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 2.233.127.102 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 2.235.233.56 24 BMP None 2021-09-09 00:00:00 2021-12-08 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (1:46316:5) - SourceFire (IP=56, IT) 2.235.241.253 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 2.236.135.237 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IT TO-S-2020-0459 Malware Activity 2.237.19.162 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IT TO-S-2020-0535 Malware Activity 2.238.18.160 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=160,IT) 2.239.139.239 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 2.239.144.111 24 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - TT# 21C01385(IP=111,IT) 2.25.107.147 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity 2.34.1.72 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IT TO-S-2020-0535 Malware Activity 2.39.144.45 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IT TO-S-2020-0535 Malware Activity 2.42.205.144 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=144,IT) 2.42.210.204 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 
(IP=204,IT) 2.42.60.64 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity 2.44.188.94 24 KH None 2021-09-12 00:00:00 2021-12-11 00:00:00 None Drupal Core CVE-2018-7600 Form Rendering Post_render RCE - FE IPS (IP=94,IT) 2.44.91.167 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IT TO-S-2020-0459 Malware Activity 2.45.70.126 32 NAB None 2021-05-04 00:00:00 2021-11-04 00:00:00 None HIVE Case #5344 TO-S-21-1245 (IP=126,IT) 2.47.112.152 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IT TO-S-2021-0876 Hive Case 4166 Malware Activity 2.56.213.20 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 2.56.254.98 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 2.56.59.25 24 RW None 2021-06-25 00:00:00 2021-09-23 00:00:00 None SERVER-OTHER Cisco IOS truncated NTP packet processing denial of service attempt (3:39878:4) - SourceFire (IP=25,NL) 2.57.122.167 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None OM TO-S-2021-1007 Malicious Email Activity 2.57.122.192 24 RW None 2021-01-26 00:00:00 2021-04-26 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=192,EU) 2.57.122.192 32 wmp None 2021-01-26 00:00:00 2021-04-26 00:00:00 None Suspicious Scan Activity (IP=192,RO) 2.57.122.250 32 wmp None 2021-06-02 00:00:00 2021-09-02 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=250,RO) 2.57.122.33 24 BMP None 2021-09-15 00:00:00 2021-12-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - WebAttacks (IP=33,RO) 2.57.169.24 24 RR None 2021-06-05 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=24,CA) 2.57.184.0 24 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None RU TO-S-2020-0805 Malicious Email Activity 2.57.76.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU 
Hive Case 4237 TO-S-2021-0910 Malware Activity 2.57.88.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None LT Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 2.57.89.31 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None NL TO-S-2020-0535 Malware Activity 2.58.16.0 22 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None LV TO-S-2021-0876 Hive Case 4166 Malware Activity 2.67.28.166 32 CR None 2021-07-09 00:00:00 2021-10-07 00:00:00 None High Attacker Suspicious Scan Activity - ArcSight ESM (IP=166,SE) 2.82.156.18 32 GM None 2021-01-06 00:00:00 2021-04-06 00:00:00 None suspicious scan activity (IP=18,PT) 2.83.155.193 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PT TO-S-2020-0298 Malicious Email Activity 2.84.157.74 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None GR TO-S-2020-0535 Malware Activity 2.86.161.101 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 2.87.169.239 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GR TO-S-2020-0298 Malicious Email Activity 2.88.80.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None SA Hive Case 4237 TO-S-2021-0910 Malware Activity 2.90.176.101 24 CR None 2020-12-30 00:00:00 2021-04-01 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=101,SA) 20.102.97.27 32 SW None 2021-08-20 00:00:00 2021-11-18 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - WebAttacks (IP=27,US) 20.106.120.67 32 RT None 2021-09-20 00:00:00 2021-12-19 00:00:00 None SERVER-WEBAPP Cisco Adaptive Security Appliance directory traversal attempt (3:46897:3) - SourceFire Report (IP=67,US) 20.106.139.99 32 ZH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=99,US) 20.106.75.73 32 SW None 2021-09-16 00:00:00 2021-12-15 00:00:00 None attempted malicious file uploads - HIVE 6178 (IP=73,US) 20.108.35.164 24 RR None 
2021-07-27 00:00:00 2021-10-25 00:00:00 None SERVER-WEBAPP D-Link hedwig.cgi directory traversal attempt - SourceFire (IP=164,GB) 20.109.40.251 32 RW None 2021-09-16 00:00:00 2021-12-15 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=251,US) 20.185.47.189 32 BMP None 2020-12-12 00:00:00 2021-03-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=189,US) 20.185.48.86 32 RW None 2020-10-30 00:00:00 2021-01-30 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT# 21C00203 (IP=86,US) 20.185.68.29 32 BMP None 2021-03-16 00:00:00 2021-06-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=29,US) 20.188.251.26 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=26,AU) 20.190.129.128 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 20.197.199.55 24 JKC None 2021-08-27 00:00:00 2021-11-25 00:00:00 None HIVE Case #NA PA web attacks (IP=55,BR) 20.197.49.242 24 DT None 2021-04-22 00:00:00 2021-07-22 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=242,IN) 20.197.49.243 24 RR None 2021-05-22 00:00:00 2021-08-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=243,IN) 20.197.73.242 24 BMP None 2021-03-13 00:00:00 2021-06-13 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (1:56800:2) - SourceFire (IP=242,SG) 20.198.83.103 24 BMP None 2021-04-10 00:00:00 2021-07-09 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=103,IN) 20.36.34.176 32 dbc None 2020-06-04 00:00:00 2021-06-04 00:00:00 None US TO-S-2020-0587 Malicious Email Activity 20.37.228.66 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None AU TO-S-2020-0228 Malicious Web Application Activity 20.37.48.63 32 srm None 2021-02-05 00:00:00 
2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=63,AU) 20.37.49.188 32 DT None 2020-10-07 00:00:00 2021-01-07 00:00:00 None Unauthorized Access-Probe // UDP: Host Sweep - TT # 21C00050 (IP=188,WA) 20.42.117.129 32 AR None 2021-09-10 00:00:00 2021-12-09 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=129,US) 20.42.82.253 32 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=253,US) 20.44.181.15 32 KD None 2021-09-23 00:00:00 2021-12-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)-TT# 21C01934(IP=15,JP) 20.48.43.219 24 DT None 2021-06-23 00:00:00 2021-09-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=219,JP) 20.48.96.222 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=222,JP) 20.51.241.78 32 EE None 2021-04-07 00:00:00 2021-07-06 00:00:00 None malicious activity against the best interest of the Army - TT# 21C00983 (IP=78 ,US) 20.51.251.91 32 GM None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr web attacks (IP=91,US) 20.51.251.91 24 RW None 2021-03-31 00:00:00 2021-04-14 00:00:00 2022-10-11 19:39:57 Adobe ColdFusion Administrator Access Restriction - 6hr web attacks (IP=91,US) | Unblocked - 20.51.251.91/24 is a US IP address and CIRT requested to be unblock. 
20.52.45.37 24 BMP None 2020-12-06 00:00:00 2021-03-06 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - SourceFire (IP=37,DE) 20.55.89.212 32 BMP None 2021-09-03 00:00:00 2021-12-02 00:00:00 None SQL injection - Web Attacks (IP=212,US) 20.57.170.186 32 GM None 2020-10-29 00:00:00 2021-01-29 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected - Sourcefire (IP=186,US) 20.71.150.22 32 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - 6hr Web Attacks (IP=22,US) 20.83.224.34 32 BB None 2021-09-09 00:00:00 2021-12-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=34,US) 20.84.100.48 32 RW None 2021-07-23 00:00:00 2021-10-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=48,US) 20.97.1.22 24 RW None 2021-09-30 00:00:00 2021-12-29 00:00:00 None Possible Cross-site Scripting Attack - Fireeye IPS (IP=22,UA) 20.97.12.43 32 CR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None Command Injection_ABC report (IP=43,US) 20.97.15.167 32 UA None 2021-08-03 00:00:00 2021-11-01 00:00:00 None HTTP SQL Injection Attempt - 6hr Web Attacks (IP=167,US) 20.97.15.221 32 RT None 2021-09-26 00:00:00 2021-12-25 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01950 (IP=221,US) 20.97.48.97 32 ZH None 2021-07-22 00:00:00 2021-10-20 00:00:00 None SQL injection - 6hr Web Attacks (IP=97,US) 20.97.61.167 32 ZH None 2021-07-20 00:00:00 2021-10-18 00:00:00 None HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=167,US) 20.97.62.205 32 DT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None Possible Cross-site Scripting Attack - IPS Events (IP=205,US) 20.97.66.213 32 ZH None 2021-09-15 00:00:00 2021-12-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01862 (IP=213,US) 200.104.160.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CL Hive 
Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 200.105.138.2 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=2,BO) 200.105.169.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BO TO-S-2020-0298 Malicious Email Activity 200.106.124.184 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PE TO-S-2020-0298 Malicious Email Activity 200.107.148.210 24 RW None 2021-05-17 00:00:00 2021-08-30 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=210,PE) | updated by ZH Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=210,PE) 200.11.241.22 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None VE TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 200.110.50.35 24 FT None 2021-03-14 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=35,BO) | updated by RB Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=35,BO) 200.111.174.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CL TO-S-2020-0298 Malicious Email Activity 200.111.180.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CL Hive Case 4237 TO-S-2021-0910 Malware Activity 200.114.192.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AR TO-S-2021-0876 Hive Case 4166 Malware Activity 200.118.62.43 24 ZH None 2021-07-19 00:00:00 2021-10-17 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=43,CO) 200.119.112.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CO Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 200.119.192.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BO TO-S-2020-0298 Malicious Email Activity 200.120.16.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CL 
TO-S-2020-0331 Malicious Web Application Activity 200.121.203.52 24 FT None 2021-04-10 00:00:00 2021-07-09 00:00:00 None SQL injection - 6hr web attacks (IP=52,PE) 200.124.144.253 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=253,CW) 200.129.102.127 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=127,BR) 200.131.225.147 24 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) -SourceFire (IP=147,BR) 200.137.171.1 24 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=1,BR) 200.137.171.1 32 RR None 2021-09-02 00:00:00 2021-12-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01698 (IP=1,BR) 200.137.171.24 24 BB None 2021-09-02 00:00:00 2021-12-01 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Web Attacks (IP=24,BR) 200.14.69.44 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (1:49377:1) - Sourcefire (IP=44,CL) 200.146.227.146 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None BR TO-S-2020-0315 Malicious Web Application Activity 200.146.254.185 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None BR Hive Case 4237 TO-S-2021-0910 Malware Activity 200.148.99.53 24 BB None 2021-07-07 00:00:00 2021-10-05 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=53,BR) 200.150.192.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None BR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 200.154.100.98 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None BR TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 200.158.164.138 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity 200.159.35.82 32 jkc None 
2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 200.168.128.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 200.170.163.12 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None BR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 200.170.211.130 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity 200.170.96.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BR TO-S-2020-0298 Malicious Email Activity 200.19.231.36 24 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=36,BR) 200.192.97.11 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=11,BR) 200.217.230.70 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 200.219.245.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,BR) 200.220.202.250 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 200.229.64.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity 200.23.37.33 24 RB None 2021-04-19 00:00:00 2021-07-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=33,MX) 200.232.55.175 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity 200.233.192.109 24 ZH None 2021-06-09 00:00:00 2021-09-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=109,BR) 200.234.136.97 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=97,BR) 200.234.137.225 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=225,BR) 
200.24.192.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None EC TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 200.29.10.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CL TO-S-2020-0331 Malicious Web Application Activity 200.29.232.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CO TO-S-2020-0331 Malicious Web Application Activity 200.31.160.0 20 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SV TO-S-2020-0459 Malware Activity 200.33.128.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity 200.33.88.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 200.35.108.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None VE Hive Case 4237 TO-S-2021-0910 Malware Activity 200.35.156.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,CL) 200.37.205.130 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PE TO-S-2020-0298 Malicious Email Activity 200.37.253.114 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None SERVER-WEBAPP JBoss web console access attempt (1:24342:4) - SourceFire (IP=114,PR) 200.41.116.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VE Hive Case 4187 TO-S-2021-0898 Malware Activity 200.41.120.0 21 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AR TO-S-2021-0876 Hive Case 4166 Malware Activity 200.42.172.0 22 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,CL) 200.44.218.214 24 AR None 2021-07-28 00:00:00 2021-10-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6Hr Failed Logons (IP=214,VE) | updated by RR Block expiration extended with reason INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=214,VE) 200.44.224.0 19 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None VE TO-S-2021-0989 Hive Case # 4493 Malware Activity 200.44.251.198 32 dbc None 
2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 200.45.250.4 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AR TO-S-2020-0298 Malicious Email Activity 200.46.32.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,PA) 200.48.128.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 200.48.31.82 24 RR None 2021-02-26 00:00:00 2021-05-27 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - Web Attacks (IP=82,PE) 200.48.82.101 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=101,PE) 200.5.251.82 24 RB None 2020-10-22 00:00:00 2021-01-20 00:00:00 None SERVER-WEBAPP Tomato router web interface bruteforce scan attempt - 6hr web attacks (IP=54,AR) 200.51.94.61 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AR TO-S-2020-0331 Malicious Web Application Activity 200.52.144.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HN TO-S-2020-0331 Malicious Web Application Activity 200.52.16.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 200.52.228.19 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=19,BR) 200.52.228.26 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=26,BR) 200.52.228.27 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=27,BR) 200.55.217.28 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=69,CL) 200.55.224.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None EC TO-S-2020-0298 Malicious Email Activity 200.55.245.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None AR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 
200.55.25.118 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 200.55.255.130 24 GM None 2021-02-24 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Sourcefire (IP=130,EC) 200.55.53.17 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 200.56.47.176 24 EE None 2021-02-13 00:00:00 2021-05-13 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6 HR Web Attack (IP=176,MX) 200.57.9.69 24 DT None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=69,MX) 200.58.110.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,AR) 200.58.112.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,AR) 200.58.208.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CO TO-S-2020-0331 Malicious Web Application Activity 200.58.80.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BO TO-S-2020-0303 Malicious Email Activity 200.6.112.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,CL) 200.6.160.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 200.61.134.138 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None AR TO-S-2020-0228 Malicious Web Application Activity 200.62.146.174 24 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - Web Attacks (IP=174,PE) 200.62.54.150 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 200.63.100.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,CL) 200.63.96.0 21 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,CL) 
Blocklist export, one record per line. Columns: network address, prefix length, analyst initials, None (unused column), block start, block end, None (unused column), reason (country code where recorded, ticket/case identifier and/or the triggering IDS signature; "| updated by ..." segments record later extensions or reactivations). Verbatim duplicate records have been dropped; entries cut off in the export are left as they stand.
200.68.64.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None AR Hive Case 4237 TO-S-2021-0910 Malware Activity
200.69.242.205 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AR TO-S-2020-0298 Malicious Email Activity
200.69.73.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CO Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
200.71.154.142 24 RB None 2021-02-07 00:00:00 2021-05-08 00:00:00 None SSH2 Failed Login Attempt - 6hr failed logons (IP=142,VE)
200.71.88.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None AR TO-S-2020-0303 Malicious Email Activity
200.72.240.135 24 DT None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Hello Peppa Scan - IPS Events (IP=135,CL)
200.73.115.0 24 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None CL TO-S-2020-0838 Malicious Email Activity
200.73.116.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CL Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
200.74.196.236 24 GM None 2021-02-24 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP JBoss admin-console access - Web Attacks (IP=236,VE)
200.76.29.2 32 wmp None 2021-04-16 00:00:00 2021-07-16 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=2,MX)
200.79.181.201 24 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=201,MX)
200.8.130.136 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None VE TO-S-2020-0298 Malicious Email Activity
200.8.178.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
200.80.18.165 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None AR TO-S-2020-0228 Malicious Web Application Activity
200.80.32.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AR Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
200.82.247.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
200.83.100.42 24 RW None 2021-05-10 00:00:00 2021-08-10 00:00:00 None FTP Login Failed - 6 hr failed logons (IP=42,CL)
200.87.176.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BO TO-S-2020-0298 Malicious Email Activity
200.89.174.229 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None AR TO-S-2020-0303 Malicious Web Application Activity
200.91.224.0 19 dbc None 2020-09-29 00:00:00 2021-01-13 00:00:00 None CO TO-S-2020-0838 Malware Activity | Unblock - TO-S-2021-1059 says to unblock 200.91.241.25/32 covered under this /19 IP block. Multiple smaller blocks added instead.
200.91.27.0 24 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None CL TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
200.93.168.0 20 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None CO TO-S-2020-0750 Malicious Email Activity
200.94.75.147 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
200.94.76.122 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=122,MX)
200.94.83.157 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=157,MX)
200.98.2.11 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=11,BR)
201.100.20.7 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None MX TO-S-2020-0459 Malware Activity
201.103.237.81 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MX TO-S-2020-0298 Malicious Email Activity
201.103.90.55 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MX TO-S-2020-0298 Malicious Email Activity
201.106.33.28 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MX TO-S-2020-0298 Malicious Email Activity
201.108.231.231 24 KD None 2021-06-07 00:00:00 2021-09-06 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt Web Attacks (IP=231,MX)
201.11.134.70 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=70,BR)
201.110.121.187 24 BMP None 2020-10-19 00:00:00 2021-01-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=187,MX)
201.111.113.161 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
201.114.138.27 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MX TO-S-2020-0331 Malicious Web Application Activity
201.114.247.119 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
201.116.250.14 24 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=14,MX)
201.116.250.2 24 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=2,MX)
201.117.251.50 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None MX TO-S-2020-0459 Malware Activity
201.123.184.13 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
201.124.247.116 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MX Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
201.124.32.146 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None MX TO-S-2020-0459 Malware Activity
201.127.85.114 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=114,MX)
201.130.108.97 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None MX TO-S-2021-0989 Hive Case # 4493 Unknown Malicious Activity
201.130.137.117 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=117,MX)
201.132.87.151 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=151,MX)
201.137.249.153 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MX TO-S-2020-0331 Malicious Web Application Activity
201.140.110.78 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=78,MX)
201.140.220.0 22 dbc None 2020-04-30 00:00:00 2021-04-30 00:00:00 None BR TO-S-2020-0331.01 Malicious Web Application Activity
201.141.203.209 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None MX TO-S-2020-0805 Malware Activity
201.143.125.105 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=105,MX)
201.143.148.122 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=122,MX)
201.143.230.15 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=15,MX)
201.144.110.19 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unaffiliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unaffiliated TO-S-2020-0559.01 Malicious Email Activity
201.148.104.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,CL)
201.148.104.16 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None CL TO-S-2020-0826 Hive Case 3950 Malicious Email Activity
201.148.126.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
201.150.108.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity
201.157.35.154 24 BMP None 2021-06-22 00:00:00 2021-09-20 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=154,MX)
201.16.140.109 24 RT None 2021-09-19 00:00:00 2021-12-18 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6HR WebAttack (IP=109,BR)
201.17.145.86 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None BR TO-S-2021-0876 Hive Case 4166 Malware Activity
201.170.204.231 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=231,MX)
201.170.246.166 24 RB None 2019-03-28 00:00:00 2021-09-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability (IP=166,MX) | updated by RW with reason HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 19C03518 (IP=166,US) | updated by BMP Block was inactive. Reactivated on 20210604 with reason HTTP:
201.171.150.41 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None MX TO-S-2021-0876 Hive Case 4166 Malware Activity
201.172.207.37 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=37,MX)
201.173.217.124 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None MX TO-S-2021-0876 Hive Case 4166 Malware Activity
201.174.183.195 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=195,MX)
201.174.225.138 24 RW None 2021-01-16 00:00:00 2021-04-16 00:00:00 None Authentication Failure - 6 hr failed logons (IP=138,MX)
201.178.222.44 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
201.18.21.178 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None BR Hive Case 4237 TO-S-2021-0910 Malware Activity
201.187.105.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CL TO-S-2021-0876 Hive Case 4166 Malware Activity
201.20.64.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity
201.202.14.37 24 RB None 2021-05-01 00:00:00 2021-07-30 00:00:00 None INDICATOR-SCAN SSH brute force logons attempt - 6hr web attacks (IP=37,CR)
201.207.52.34 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CR TO-S-2020-0303 Malicious Email Activity
201.21.208.119 24 GM None 2021-02-24 00:00:00 2021-08-21 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Sourcefire (IP=119,BR) | updated by RR Block expiration extended with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=119,BR)
201.213.160.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AR TO-S-2021-0876 Hive Case 4166 Malware Activity
201.213.66.147 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
201.215.128.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CL TO-S-2020-0298 Malicious Email Activity
201.216.238.243 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AR TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
201.217.242.8 32 KD None 2021-09-23 00:00:00 2021-12-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)-TT# 21C01933(IP=8,CL)
201.217.248.34 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity
201.217.5.0 24 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
201.218.6.25 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None EC TO-S-2020-0331 Malicious Web Application Activity
201.218.64.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,PA)
201.22.32.246 32 GM None 2020-10-05 00:00:00 2021-01-05 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT # 21C00032 (IP=246,BR)
201.220.144.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AR TO-S-2020-0298 Malicious Email Activity
201.220.85.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CO Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
201.221.128.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
201.222.141.33 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CL TO-S-2020-0303 Malicious Email Activity
201.223.14.16 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CL TO-S-2020-0298 Malicious Email Activity
201.230.200.18 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None PE TO-S-2020-0236 Malicious Email Activity
201.234.227.115 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=115,VE)
201.235.0.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AR TO-S-2021-0876 Hive Case 4166 Malware Activity
201.236.155.10 24 KH None 2021-09-12 00:00:00 2021-12-11 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script - TT# 21C01832 (IP=10,CL)
201.236.214.118 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
201.236.214.21 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CO TO-S-2020-0298 Malicious Email Activity
201.236.216.143 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
201.236.227.205 24 ZH None 2021-08-28 00:00:00 2021-11-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 21C01625 (IP=205,CO)
201.24.3.66 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None BR Hive Case 4237 TO-S-2021-0910 Malware Activity
201.240.83.7 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PE TO-S-2020-0298 Malicious Email Activity
201.241.0.131 24 SW None 2021-07-25 00:00:00 2021-10-23 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt (1:25975:3) - SourceFire (IP=131, CL)
201.249.146.101 24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None SSH2 Failed Login Attempt - failed logons (IP=101,VE)
201.249.147.21 24 RR None 2021-03-08 00:00:00 2021-06-06 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=21,VE)
201.255.184.40 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AR TO-S-2020-0298 Malicious Email Activity
201.39.71.125 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=125,BR)
201.42.20.167 24 FT None 2021-03-03 00:00:00 2021-06-28 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=167,BR) | updated by GM Block expiration extended with reason HTTP: SQL Injection - Exploit - Web Attacks (IP=167,BR) | updated by BMP Block expiration extended with reason SERVER-WEBAPP Citrix ADC an
201.54.252.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None BR Hive Case 4237 TO-S-2021-0910 Malware Activity
201.71.159.248 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unaffiliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unaffiliated TO-S-2020-0559.01 Malicious Email Activity
201.71.216.0 22 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None BR TO-S-2021-1007 Malware Activity
201.76.56.70 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (1:46316:5) - SourceFire (IP=70,BR)
201.90.233.246 24 RB None 2021-05-22 00:00:00 2021-08-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=246,BR) | updated by RR Block expiration extended with reason INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=246,BR)
202.100.206.136 24 EE None 2021-08-11 00:00:00 2021-11-09 00:00:00 None HIVE Case #5975 IOC_Anatomy of Native IIS Malware (IP=136,CN)
202.102.80.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
202.106.90.251 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=251,CN)
202.107.200.26 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=26,CN)
202.107.70.22 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CN TO-S-2020-0303 Malicious Email Activity
202.108.2.50 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CN TO-S-2020-0298 Malicious Email Activity
202.111.131.236 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=236,CN)
202.12.80.74 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=74,IN)
202.120.184.75 24 RR None 2020-10-29 00:00:00 2021-01-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=75,CN)
202.123.183.194 24 RW None 2021-01-16 00:00:00 2021-04-16 00:00:00 None Authentication Failure - 6 hr failed logons (IP=194,LA)
202.125.134.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PK TO-S-2020-0298 Malicious Email Activity
202.127.209.0 24 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None CN TO-S-2020-0236 Malware Activity
202.129.240.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
202.129.58.130 24 RB None 2020-09-09 00:00:00 2021-09-24 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=130,TH) | updated by WR Block was inactive. Reactivated on 20210626 with reason SERVER-WEBAPP Zeroshell Linux Router command injection attempt - 6HR Web Attack (IP=130,TH)
202.131.64.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None HK TO-S-2020-0303 Malicious Email Activity
202.133.72.98 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr failed logons (IP=98,CN)
202.137.112.101 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None PH TO-S-2021-0876 Hive Case 4166 Malware Activity
202.137.120.241 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PH TO-S-2020-0303 Malicious Email Activity
202.138.242.111 24 FT None 2021-03-15 00:00:00 2021-06-15 00:00:00 None Infection Match (CitrixNetScalerGateway) - Case 4975 (IP=111,ID)
202.138.247.149 32 DT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 21C01738 (IP=149,US)
202.138.248.229 32 FT None 2020-10-19 00:00:00 2021-01-19 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00148 (IP=229,ID)
202.14.121.60 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=60,IN)
202.14.121.65 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None Palo Alto Suspicious Scan Activity (IP=65,IN)
202.140.47.114 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=114,IN)
202.142.147.162 24 RB None 2020-11-02 00:00:00 2021-01-31 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=162,PK)
202.142.154.130 24 BMP None 2020-12-15 00:00:00 2021-03-15 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=130,PK)
202.142.174.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PK TO-S-2020-0331 Malicious Web Application Activity
202.146.218.45 24 EE None 2021-01-20 00:00:00 2021-04-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 HR Web Attacks (IP=45,HK)
202.146.218.45 32 wmp None 2021-01-20 00:00:00 2021-04-21 00:00:00 None Suspicious Scan Activity (IP=45,HK)
202.146.219.3 24 RW None 2020-10-10 00:00:00 2021-01-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=3,HK)
202.146.244.5 24 KF None 2020-03-08 00:00:00 2021-08-14 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C02075 (IP=5,ID) | updated by RW Block was inactive. Reactivated on 20210516 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=5,ID)
202.147.182.17 24 BB None 2021-07-26 00:00:00 2021-10-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=17,PK)
202.147.206.2 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=2,ID)
202.148.5.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
202.149.91.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
202.151.16.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FJ TO-S-2020-0298 Malicious Email Activity
202.152.22.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None ID Hive Case 4237 TO-S-2021-0910 Malware Activity
202.152.32.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity
202.152.62.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,ID)
202.153.223.41 24 EE None 2021-01-15 00:00:00 2021-04-15 00:00:00 None BROWSER-IE Microsoft Edge Chakra scripting engine memory corruption attempt (1:44813:3)- Sourcefire (IP=41,AU)
202.153.37.194 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=194,IN)
202.153.37.194 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=194,NL)
202.154.58.138 24 EE None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack(IP=138,ID)
202.162.108.55 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
202.162.41.51 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=51,ID)
202.164.138.172 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=172,IN)
202.164.138.242 24 GM None 2020-10-31 00:00:00 2021-01-31 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=242,IN)
202.164.153.80 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=80,IN)
202.165.33.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
202.166.208.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
202.166.210.224 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
202.168.152.0 22 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None HK TO-S-2020-0369 Malicious Email Activity
202.168.192.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TW Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
202.168.64.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
202.169.63.42 24 ZH None 2021-07-22 00:00:00 2021-10-20 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire Rpt (IP=42,ID)
202.173.125.4 24 RB None 2021-03-18 00:00:00 2021-06-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=4,IN)
202.173.81.12 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks(IP=12,ID)
202.178.113.222 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=222,KH)
202.179.22.173 24 AR None 2021-09-21 00:00:00 2021-12-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6Hr Web Attacks (IP=173,MN)
202.179.75.131 24 RW None 2021-02-19 00:00:00 2021-05-19 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 hr failed logons (IP=131,IN)
202.180.16.2 24 BMP None 2021-01-20 00:00:00 2021-04-21 00:00:00 None Redirect - CMS Report (IP=2,ID)
202.181.149.0 24 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None HK TO-S-2021-0989 Hive Case # 4493 Malware Activity
202.181.207.89 24 RW None 2021-04-28 00:00:00 2021-08-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web attacks (IP=11,HK) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=89,HK)
202.181.99.25 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None JP TO-S-2020-0331 Malicious Email Activity
202.182.100.198 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=198,JP)
202.182.106.201 32 dbc None 2020-08-26 00:00:00 2021-08-26 00:00:00 None JP TO-S-2020-0758 Malicious Email Activity
202.182.109.85 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None JP Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
202.182.164.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None ID Hive Case 4237 TO-S-2021-0910 Malware Activity
202.184.27.145 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None MY Hive Case 4237 TO-S-2021-0910 Malware Activity
202.184.75.105 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=105,MY)
202.188.192.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
202.190.118.155 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
202.191.123.135 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=135,BD)
202.191.62.27 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None AU TO-S-2020-0750 Malicious Email Activity
202.201.161.204 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CN TO-S-2020-0331 Malicious Web Application Activity
202.201.165.44 24 RR None 2020-11-07 00:00:00 2021-02-05 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=44,CN)
202.202.217.76 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None CN TO-S-2020-0698 Malicious Reconnaissance Activity
202.21.111.58 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
202.21.116.11 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=11,MN)
202.21.96.0 19 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,MN)
202.21.99.2 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MN TO-S-2020-0298 Malicious Email Activity
202.210.8.50 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None JP TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
202.218.48.85 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None JP TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
202.22.159.244 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NC TO-S-2020-0459 Malware Activity
202.254.236.136 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None JP TO-S-2020-0331 Malicious Email Activity
202.254.236.159 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None JP Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
202.254.236.18 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None JP TO-S-2020-0698 Malware Activity
202.254.239.95 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None JP TO-S-2020-0805 Malicious Email Activity
202.28.194.163 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=163,TH)
202.29.214.13 24 AR None 2021-06-04 00:00:00 2021-09-02 00:00:00 None SSH2 Failed Login Attempt - 6 HR Failed Logons (IP=13,TH)
202.29.24.196 24 RW None 2021-02-01 00:00:00 2021-05-01 00:00:00 None Hello Peppa Scan - Fireeye IPS (IP=196,TH)
202.38.86.69 24 DT None 2021-07-12 00:00:00 2021-10-10 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - Source Fire (IP=69,CN)
202.4.119.44 24 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=44,BD)
202.4.32.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None WS TO-S-2021-0876 Hive Case 4166 Malware Activity
202.40.176.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BD Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
202.43.176.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ID)
202.45.144.24 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
202.45.146.117 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=117,NP)
202.46.29.43 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
202.46.69.180 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=180,ID)
202.5.42.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BD Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
202.5.46.0 23 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None BD TO-S-2021-0876 Hive Case 4166 Malware Activity
202.51.179.70 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=70,BR)
202.51.191.218 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=218,BD)
202.51.74.0 23 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None NP TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
202.51.88.154 24 EE None 2021-04-19 00:00:00 2021-07-18 00:00:00 None INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - Sourcefire (IP=154,NL)
202.51.88.154 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=154,NP)
202.51.88.6 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=6,NP)
202.51.91.142 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=142,NP)
202.51.92.211 24 RB None 2021-04-19 00:00:00 2021-07-18 00:00:00 None SERVER-WEBAPP WordPress SocialWarfare deprecated function access attempt - 6hr web attacks (IP=211,NP)
202.51.92.74 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=74,NP)
202.53.136.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None HK TO-S-2020-0298 Malicious Email Activity
202.53.237.91 24 GM None 2020-10-24 00:00:00 2021-01-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=91,ID)
202.55.133.78 24 BB None 2021-08-06 00:00:00 2021-11-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=78,VN)
202.55.17.39 24 EE None 2021-04-08 00:00:00 2021-07-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=39,HK)
202.58.231.80 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unaffiliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unaffiliated TO-S-2020-0559.01 Malicious Email Activity
202.58.242.0 23 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity
202.59.128.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BD TO-S-2020-0303 Malicious Email Activity
202.59.74.139 24 BB None 2021-08-06 00:00:00 2021-11-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=139,PK)
202.59.91.5 24 BMP None 2021-05-10 00:00:00 2021-08-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=5,PK)
202.59.91.5 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=5,PK)
202.6.224.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity
202.60.194.25 24 ZH None 2021-08-29 00:00:00 2021-11-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) 6hr Web Attack (IP=25,TH)
202.60.248.0 22 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None HK TO-S-2020-0535 Malicious Email Activity
202.62.112.0 22 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
202.62.227.132 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=132,IN)
202.62.51.11 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KH TO-S-2020-0303 Malicious Email Activity
202.62.92.2 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity
202.63.242.195 24 AR None 2021-07-12 00:00:00 2021-10-10 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 Hr Failed Logon (IP=195,NP)
202.63.33.30 24 RR None 2020-11-03 00:00:00 2021-02-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=30,AU)
202.65.118.130 24 EE None 2021-02-15 00:00:00 2021-05-15 00:00:00 None FTP Login Failed - 6 HR Failed Logon (IP=130,ID)
202.66.175.232 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=232,IN)
202.72.211.213 24 GM None 2021-04-23 00:00:00 2021-07-23 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - Web Attacks (IP=213,ID)
202.72.240.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,MN)
202.73.58.54 24 GM None 2020-11-27 00:00:00 2021-02-27 00:00:00 None SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt - Sourcefire (IP=54,SG)
202.74.238.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
202.77.96.0 19 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case # 4493 Malicious Web Application Activity
202.78.233.205 24 RW None 2021-01-28 00:00:00 2021-04-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=205,IN)
202.78.235.41 24 RR None 2021-05-28 00:00:00 2021-08-26 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=41,IN)
202.79.173.12 32 KF None 2019-08-28 00:00:00 2021-03-24 00:00:00 None Immediate Inbound Network Block - TT# 19C03022 (IP=12,US) | updated by KF Block was inactive. Reactivated on 20200209 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability - TT# 20C01655 (IP=12,US) | updated by dbc Block expiration
202.83.16.0 22 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
202.83.192.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None HK TO-S-2021-0876 Hive Case 4166 Malware Activity
202.83.25.83 24 RW None 2020-12-05 00:00:00 2021-03-05 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=83,IN)
202.83.56.3 24 AR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 Hr Failed Logons (IP=3,IN)
202.86.216.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BD Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
202.87.31.222 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AU Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
202.91.10.0 24 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None ID TO-S-2020-0838 Malicious Email Activity
202.92.4.232 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=232,VN)
202.93.153.246 24 BMP None 2021-07-03 00:00:00 2021-10-01 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=246,KH)
202.93.236.46 24 RW None 2021-05-08 00:00:00 2021-08-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=46,ID)
202.96.96.68 24 JKC None 2021-08-30 00:00:00 2021-11-28 00:00:00 None HIVE Case #NA AC HUNTER Malicious websites (IP=68,CN)
202.98.157.195 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=195,CN)
202.98.32.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CN TO-S-2020-0298 Malicious Email Activity
203.113.4.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malware Activity
203.113.96.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity
203.115.102.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity
203.115.103.170 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IN TO-S-2020-0535 Malicious Email Activity
203.115.104.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
203.115.104.34 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity
203.115.107.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity
203.115.73.35 24 GM None 2020-11-12 00:00:00 2021-02-12 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=35,IN)
203.115.85.151 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=151,IN)
203.115.85.64 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=64,IN)
203.117.253.142 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None SG TO-S-2021-0876 Hive Case 4166 Malware Activity
203.119.13.170 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=170,ID)
203.119.8.107 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=107,VN)
203.119.95.53 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=53,AU)
203.124.43.226 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=226,PK)
203.125.240.114 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity
203.129.254.50 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity
203.135.49.233 24 FT None 2021-01-06 00:00:00 2021-04-06 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=233,PK)
203.138.99.49 24 FT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=49,JP)
203.146.4.0 22 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None TH TO-S-2021-0876 Hive Case 4166 Malware Activity
203.150.159.211 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TH TO-S-2020-0298 Malicious Email Activity
203.150.176.0 20 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None TH TO-S-2020-0315 Malicious Web Application Activity
203.150.243.246 24 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=246,TH)
203.153.112.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity
203.153.216.0 22 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ID TO-S-2021-0876 Hive Case 4166 Malware Activity
203.154.91.91 24 DT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=91,TH)
203.157.103.189 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=189,TH)
203.157.103.190 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=190,TH)
203.159.80.184 24 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3)- Source Fire (IP=184,NL)
203.159.80.188 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=188,NL)
203.159.80.55 32 wmp None 2021-04-26 00:00:00 2021-07-26 00:00:00 None McAfee IDS Report Suspicious Scan Activity (IP=55,NL)
203.159.80.75 32 wmp None 2021-05-10 00:00:00 2021-08-10 00:00:00 None ArcSight ESM High Attacker
Suspicious Scan Activity (IP=75,NL) 203.159.80.90 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=90,NL) 203.160.128.171 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case # 4493 Malware Activity 203.160.128.171 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case # 4493 Malware Activity 203.160.128.171 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case # 4493 Malware Activity 203.160.56.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 203.161.184.0 23 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None ID TO-S-2020-0698 Malicious Email Activity 203.162.120.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 203.162.147.248 24 CR None 2019-03-11 00:00:00 2021-03-29 00:00:00 None HTTP: WordPress portable phpmyadmin plugin authentication bypass vulnerability (IP=248,VN) | updated by RR Block was inactive. 
Reactivated on 20201229 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=248,VN) 203.162.251.114 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=114,VN) 203.170.112.3 24 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=3,KR) 203.170.132.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 203.170.193.86 24 FT None 2021-03-19 00:00:00 2021-06-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=86,TH) 203.171.20.51 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=51,VN) 203.171.21.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN) 203.176.128.0 20 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None KH TO-S-2020-0601 Malware Activity 203.177.145.81 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=81,PH) 203.177.252.230 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 203.177.52.85 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None PH TO-S-2021-0989 Hive Case # 4493 Malware Activity 203.181.17.17 24 RW None 2021-04-30 00:00:00 2021-07-30 00:00:00 None SSH User Authentication Brute Force Attempt - 6 hr failed logons (IP=17,JP) 203.184.128.0 19 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=0,HK) 203.187.225.182 24 EE None 2021-01-31 00:00:00 2021-05-01 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6 HR Web Attack (IP=182,IN) | updated by RW Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=182,IN) 
203.188.240.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BD TO-S-2020-0298 Malicious Email Activity 203.189.128.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KH TO-S-2020-0303 Malicious Email Activity 203.189.128.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 203.189.200.37 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CN TO-S-2020-0331 Malicious Web Application Activity 203.189.237.42 24 BMP None 2021-05-12 00:00:00 2021-08-10 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=42,HK) 203.19.191.121 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None AU TO-S-2020-0459 Malware Activity 203.19.191.122 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None AU TO-S-2020-0459 Malware Activity 203.19.191.71 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None AU TO-S-2020-0459 Malware Activity 203.19.191.71 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None AU TO-S-2020-0459 Malware Activity 203.19.191.72 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None AU TO-S-2020-0459 Malware Activity 203.19.191.74 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None AU TO-S-2020-0459 Malware Activity 203.19.191.75 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None AU TO-S-2020-0459 Malware Activity 203.190.112.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 203.190.12.162 24 RR None 2021-06-21 00:00:00 2021-09-19 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=162,BG) 203.193.148.24 24 RB None 2021-04-08 00:00:00 2021-07-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=24,IN) 203.197.142.35 24 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Source Fire (IP=35,IN) 203.197.142.40 24 RR 
None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=40,IN) 203.198.216.0 21 dbc None 2020-08-26 00:00:00 2021-08-26 00:00:00 None HK TO-S-2020-0758 Malicious Web Application Activity 203.198.83.27 24 DT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=185,HK) 203.201.167.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ID TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 203.202.233.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity 203.205.24.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None VN TO-S-2020-0331 Malicious Web Application Activity 203.208.175.150 24 EE None 2021-04-19 00:00:00 2021-07-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) Web Attack (IP=150,SG) 203.212.212.191 32 RW None 2021-01-28 00:00:00 2021-04-28 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C00443 (IP=191,IN) 203.212.238.250 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Reconnaissance Activity 203.223.34.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 203.231.146.88 24 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=88,KR ) 203.238.107.34 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 203.24.186.0 24 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None CN TO-S-2020-0805 Malicious Email Activity 203.245.134.19 32 wmp None 2021-04-17 00:00:00 2021-07-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=19,KR) 203.245.30.34 24 RW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 
SourceFire (IP=34,KR) 203.248.175.71 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=71,KR) 203.253.23.238 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=238,KR) 203.26.199.70 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None AU TO-S-2020-0459 Malware Activity 203.30.44.22 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AU Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 203.56.240.169 24 BMP None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=169,CN) 203.56.95.164 24 BMP None 2021-06-17 00:00:00 2021-09-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=164,CN) 203.66.57.117 24 DT None 2021-01-06 00:00:00 2021-04-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=117,TW) 203.66.57.117 24 CR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Sourcefire (IP=117,TW) 203.70.224.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 203.73.62.97 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=97,TW) 203.77.208.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 203.78.96.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malware Activity 203.80.17.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malware Activity 203.81.71.211 24 RW None 2021-01-17 00:00:00 2021-04-17 00:00:00 None Authentication Failure - 6 hr failed logons(IP=211,MY) 203.86.232.0 21 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None HK TO-S-2020-0601 Malicious 
Web Application Activity 203.88.154.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malware Activity 203.88.154.47 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Reconnaissance Activity 203.89.24.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 203.90.236.199 24 RW None 2020-10-30 00:00:00 2021-01-30 00:00:00 None SERVER-ORACLE Oracle iPlanet Web Server unauthenticated information disclosure attempt - Sourcefire (IP=199,HK) 203.93.6.28 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=28,CN) 203.94.240.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 203.95.200.0 23 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None BD Hive Case 4237 TO-S-2021-0910 Malware Activity 203.98.64.3 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=3,AU) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=3,AU) 203.99.116.178 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 203.99.117.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 203.99.118.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 204.10.132.7 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity 204.109.58.19 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 204.11.58.33 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=33,US) 204.11.58.87 32 JKC None 2021-06-08 00:00:00 2021-07-29 00:00:00 None Malicious IP Hive Case 2977 TIPPER 20-0172 (ip=87, US) | updated by dbc Block expiration extended with 
reason US TO-S-2020-0698 Malicious Email Activity 204.11.59.195 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 204.11.59.88 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=88,US) 204.111.161.3 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=3,US) 204.12.208.125 32 NAB None 2021-06-03 00:00:00 2021-09-01 00:00:00 None HIVE Case #NA FP Security (IP=125,US) 204.12.220.114 32 NAB None 2021-08-06 00:00:00 2021-11-04 00:00:00 None HIVE Case #NA FP Security (IP=114,US) 204.13.154.47 24 RW None 2021-05-08 00:00:00 2021-08-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=47,US) 204.13.250.29 32 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None PROTOCOL-DNS glibc getaddrinfo A record stack buffer overflow attempt (1:37730:5) - SourceFire(IP=29,US) 204.13.251.29 32 SW None 2021-05-19 00:00:00 2021-08-17 00:00:00 None PROTOCOL-DNS glibc getaddrinfo A record stack buffer overflow attempt (IP=29,US) 204.131.83.138 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=138,US) 204.131.94.186 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=186,US) 204.15.51.131 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=131,US) 204.152.248.9 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 204.156.182.173 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=173,US) 204.156.182.175 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=175,US) 204.16.247.116 32 GM None 2020-11-27 00:00:00 2021-02-27 00:00:00 None SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt - Web Attacks (IP=116,US) 204.188.205.176 18 CJC None 2020-12-13 00:00:00 2021-12-13 00:00:00 None Hive Case # 4481 - FireEye Blog 
IP related to SunBurst Backdoor (IP=176,US) 204.19.142.84 32 RT None 2021-09-26 00:00:00 2021-12-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01962 (IP=84,US) 204.19.142.86 32 RT None 2021-09-26 00:00:00 2021-12-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01963 (IP=86,US) 204.194.189.90 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=90,US) 204.195.122.22 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=22,US) 204.197.146.48 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 204.197.229.193 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=193,US) 204.197.230.61 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=61,US) 204.197.230.62 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=62,US) 204.197.240.202 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=202,US) 204.225.249.100 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malware Activity 204.232.178.212 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 204.232.199.179 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=179,US) 204.236.64.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BS Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 204.244.182.138 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None CA TO-S-2020-0459 Malware Activity 204.44.192.65 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 204.44.192.75 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CA Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 
204.44.192.76 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None CA TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 204.44.71.119 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 204.44.82.53 32 wmp None 2020-07-15 00:00:00 2021-09-17 00:00:00 None HIVE Case #3343 COLS-NA-TIP-20-0220 (IP=53,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity 204.44.83.225 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=225,US) 204.44.83.95 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=95,US) 204.48.17.118 32 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None SQL injection - 6 HR WebAttack (IP=118,US) 204.48.17.47 32 BMP None 2021-06-25 00:00:00 2021-09-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=47,US) | updated by RR Block expiration extended with reason Command Injection (IP=47,US) 204.48.20.207 32 ZH None 2021-07-21 00:00:00 2021-10-19 00:00:00 None SERVER-WEBAPP VMWare vSphere Client remote code execution attempt - ABC Report (IP=207,US) 204.48.21.146 32 BB None 2021-09-02 00:00:00 2021-12-01 00:00:00 None - Web Attacks (IP=146,US) 204.48.22.163 32 CR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None Command Injection_ABC report (IP=163,US) 204.48.22.190 32 BMP None 2021-09-03 00:00:00 2021-12-02 00:00:00 None INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - SourceFire (IP=190,US) 204.48.22.86 32 DT None 2021-08-20 00:00:00 2021-11-18 00:00:00 None SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (1:46898:1) - Sourcefire (IP=86,US) 204.48.24.34 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 204.48.27.178 32 CR None 2021-06-08 00:00:00 2021-09-07 00:00:00 None Webshell.Binary.php.FEC2_ FE Web Malware Object Download (IP=178,US) 
204.48.27.50 32 BMP None 2021-04-29 00:00:00 2021-07-28 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 21C01098 (IP=50,US) 204.48.28.120 32 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None SQL injection - 6 HR WebAttack (IP=120,US) 204.8.232.7 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 204.85.32.24 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malware Activity 204.85.32.25 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 204.85.32.26 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 204.85.32.27 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 204.85.32.32 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 204.85.32.96 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 204.93.154.194 32 CR None 2018-11-23 06:00:00 2021-10-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (IP=194,US) | updated by RW Block was inactive. Reactivated on 20210119 with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack att | updated by KH Block was inactive. Reactivated on 20210719 with reason SSLv2 Client Hello Request Detected - FE IPS (IP=194,US) 204.93.154.195 32 CR None 2018-09-21 05:00:00 2021-09-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (IP=195,US) | updated by RW Block was inactive. Reactivated on 20191223 with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack a 204.93.154.196 32 RB None 2019-01-06 06:00:00 2021-09-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (IP=196,US) | updated by DT Block was inactive. 
Reactivated on 20200618 with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack at 204.93.154.208 32 CR None 2018-12-03 06:00:00 2021-11-09 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (IP=208,US) | updated by RW Block was inactive. Reactivated on 20200217 with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack atte | updated by RT Block was inactive. Reactivated on 20210811 with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=208,US) 204.93.154.209 32 DT None 2021-03-03 00:00:00 2021-06-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=209,US) 204.93.154.210 32 CR None 2019-04-17 00:00:00 2021-09-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (IP=210,US) | updated by EE Block was inactive. Reactivated on 20210227 with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack at 204.93.161.64 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=64,US) 204.93.169.34 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 204.93.178.39 32 CR None 2019-08-19 00:00:00 2021-04-23 00:00:00 None Possible SQLi attempt - TT# 19C02882 (IP=39,US) | updated by dbc Block was inactive. 
Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 204.93.183.38 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 204.93.193.167 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 204.93.197.202 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 205.134.253.185 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 205.134.253.6 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 205.134.254.97 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 205.144.171.103 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 205.144.171.103 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 205.144.171.103 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 205.144.171.117 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity 205.144.171.120 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 205.144.171.120 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 205.144.171.120 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 205.144.171.135 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 205.144.171.162 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 205.144.171.162 32 dbc None 
2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 205.144.171.162 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 205.144.171.169 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 205.144.171.173 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 205.144.171.202 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 205.144.171.225 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=225,US) 205.144.171.227 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=227,US) 205.144.171.43 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=43,US) 205.144.171.5 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 205.144.171.64 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 205.144.171.71 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 205.144.171.78 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 205.144.171.80 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 205.144.171.99 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 205.153.86.79 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 205.166.171.146 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated 
# columns: address prefix_len analyst (unknown, always None) start end (unknown, always None) reason [| updated by <analyst> <note>]...
TO-S-2020-0559.01 Malicious Email Activity
205.185.114.165 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=165,US)
205.185.114.201 32 ZH None 2021-06-09 00:00:00 2021-09-07 00:00:00 None Attempted Access - Inbound Brute Force / SSH: SSH Login - TT# 21C01276 (IP=201,US)
205.185.114.251 32 RB None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Attempted Access - Inbound Brute - TT# 21C01178 (IP=251,US)
205.185.114.54 32 wmp None 2021-04-15 00:00:00 2021-07-15 00:00:00 None McAfee IDS Report Suspicious Scan Activity (IP=54,US)
205.185.114.6 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
205.185.115.53 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
205.185.118.106 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
205.185.118.227 32 ZH None 2021-06-07 00:00:00 2021-09-06 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01269 (IP=227,US)
205.185.120.121 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=121,US)
205.185.121.104 32 RB None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Attempted Access - Inbound Brute - TT# 21C01177 (IP=104,US)
205.185.121.3 32 EE None 2021-02-07 00:00:00 2021-05-08 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - SourceFire (IP=3,US)
205.185.122.42 24 DT None 2021-02-15 00:00:00 2021-05-15 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00503 (IP=42,US)
205.185.123.173 32 GM None 2020-11-05 00:00:00 2021-02-05 00:00:00 None ZmEu phpMyAdmin Vulnerability Scanner - FireEye CMS (IP=173,US)
205.185.125.171 32 BMP None 2020-11-19 00:00:00 2021-02-19 00:00:00 None Unauthorized Access-Probe - TT# 21C00243 (IP=171,US)
205.185.126.151 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=151,US)
205.185.126.93 32 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None ZmEu phpMyAdmin Vulnerability Scanner - FireEye CMS (IP=93,US)
205.185.127.217 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00647 (IP=217,US)
205.185.127.48 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
205.185.180.218 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=218,US)
205.185.214.222 32 RW None 2021-07-18 00:00:00 2021-10-16 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=222,US)
205.185.216.10 32 GLM None 2017-05-01 05:00:00 2021-01-28 00:00:00 None FILE-IMAGE Directshow GIF logical width overflow attempt (IP=10,US) | updated by kmw with reason US TO-S-2019-0136 Malicious | updated by NAB Block was inactive. Reactivated on 20201030 with reason HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=10,US)
205.186.143.176 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
205.186.153.237 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
205.186.162.13 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=13,US)
205.186.165.215 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=215,US)
205.200.180.37 24 SW None 2021-07-24 00:00:00 2021-10-22 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - WebAttacks (IP=37, CA)
205.204.186.54 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=54,US)
205.205.150.26 32 KF None 2019-10-22 00:00:00 2021-04-26 00:00:00 None Generic ArcSight scan attempt (IP=26,US) | updated by wmp Block was inactive. Reactivated on 20210126 with reason Suspicious Scan Activity (IP=26,US)
205.213.187.35 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity
205.251.148.130 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
205.254.131.57 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
206.116.52.23 32 wmp None 2021-04-22 00:00:00 2021-07-22 00:00:00 None Palo Alto Suspicious Scan Activity (IP=23,CA)
206.116.52.9 32 wmp None 2021-04-22 00:00:00 2021-07-22 00:00:00 None Palo Alto Suspicious Scan Activity (IP=9,CA)
206.123.128.0 19 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None KZ TO-S-2020-0698 Malicious Email Activity
206.124.200.233 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=233,US)
206.130.100.149 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
206.161.32.6 32 RT None 2021-09-26 00:00:00 2021-12-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01960 (IP=6,US)
206.166.248.0 23 GL None 2021-01-06 00:00:00 2021-04-06 00:00:00 None HIVE Case #4689 Hack The Army Master Case (IP=0,US)
206.166.251.249 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=249,NL)
206.174.115.78 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=78,US)
206.174.116.105 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=105,US)
206.174.36.7 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=7,US)
206.174.46.13 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=13,US)
206.187.18.73 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
206.188.193.162 32 alj None 2018-11-28 06:00:00 2021-12-11 00:00:00 None FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected (1:25459:15) (ip=162,us) | updated by jkc Block was inactive. Reactivated on 20201211 with reason US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
206.189.0.9 32 wmp None 2021-02-09 00:00:00 2021-05-09 00:00:00 None Firepower Suspicious Scan Activity (IP=9,NL)
206.189.1.252 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=252,NL) | updated by RW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=252,NL) SERVER-WEBAPP PHPUnit PHP remote code executi
206.189.1.252 24 DT None 2021-03-25 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=252,NL) | updated by RW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=252,NL) SERVER-WEBAPP PHPUnit PHP remote code executi
206.189.103.238 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=238,NL)
206.189.103.7 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=7,NL)
206.189.106.14 32 wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=14,NL)
206.189.112.148 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None GB TO-S-2020-0315 Malicious Email Activity
206.189.129.126 32 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00546 (IP=126,US)
206.189.132.97 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=97,IN)
206.189.140.181 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None IN TO-S-2020-0369 Malicious Email Activity
206.189.140.223 24 RW None 2021-05-09 00:00:00 2021-08-09 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=223,IN)
206.189.140.227 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=227,IN)
206.189.141.227 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=227,IN)
206.189.147.177 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity
206.189.149.121 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None SG TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
206.189.149.121 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=121,SG)
206.189.15.77 24 BMP None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=77,NL)
206.189.150.61 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=61,SG)
206.189.155.75 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=75,SG)
206.189.158.132 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None SG TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
206.189.16.203 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity
206.189.162.153 32 RW None 2021-01-03 00:00:00 2021-04-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=153,US)
206.189.164.221 32 RR None 2020-11-14 00:00:00 2021-02-12 00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - SourceFire (IP=221,US)
206.189.165.15 32 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=15,US)
206.189.174.24 32 EE None 2021-04-13 00:00:00 2021-07-12 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attack (IP=24,US)
206.189.175.134 32 CR None 2021-01-06 00:00:00 2021-04-06 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=134,US)
206.189.182.142 32 WR None 2021-06-27 00:00:00 2021-09-25 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=142,US)
206.189.182.19 32 WR None 2021-06-27 00:00:00 2021-09-25 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks (IP=19,US)
206.189.182.56 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity
206.189.183.152 32 WR None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP generic SQL select statement possible sql injection - 6hr Web Attacks (IP=152,US)
206.189.184.167 32 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=167,US)
206.189.185.143 32 KH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=143,US)
206.189.189.190 32 WR None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP YouPHPTube getImageMP4.php command injection attempt - 6hr Web Attacks (IP=190,US)
206.189.191.121 32 UA None 2021-08-04 00:00:00 2021-11-02 00:00:00 None HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=121,US)
206.189.195.50 32 RR None 2021-04-23 00:00:00 2021-07-23 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01063 (IP=503,US)
206.189.199.250 24 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=250,US)
206.189.2.205 24 FT None 2021-01-11 00:00:00 2021-04-11 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr failed logons (IP=205,NL)
206.189.20.70 24 RR None 2021-03-29 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=70,GB) | updated by BMP Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=70,GB)
206.189.203.95 32 EE None 2021-01-08 00:00:00 2021-04-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=95,US)
206.189.206.155 32 BMP None 2021-06-25 00:00:00 2021-09-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=155,US)
206.189.207.48 32 GM None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=48,US)
206.189.208.113 32 BMP None 2021-02-16 00:00:00 2021-05-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=113,US)
206.189.208.169 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity
206.189.209.162 32 RB None 2021-01-09 00:00:00 2021-04-11 00:00:00 None Suspicious Scan Activity - Hive Case #4744 (IP=162,US) | updated by BMP Block expiration extended with reason Backdoor.TROCHILUS - Hive Case 4744 (IP=162,US)
206.189.212.66 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity
206.189.219.59 32 wmp None 2021-02-25 00:00:00 2021-05-25 00:00:00 None McAfee Network Security Report Suspicious Scan Activity (IP=59,US)
206.189.221.167 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
206.189.222.100 32 RB None 2021-01-10 00:00:00 2021-04-11 00:00:00 None Suspicious Scan Activity - Hive Case #4744 (IP=100,US) | updated by BMP Block expiration extended with reason Backdoor.TROCHILUS - Hive Case 4744 (IP=100,US)
206.189.222.96 32 RB None 2021-01-09 00:00:00 2021-04-11 00:00:00 None Suspicious Scan Activity - Hive Case #4744 (IP=96,US) | updated by BMP Block expiration extended with reason Backdoor.TROCHILUS - Hive Case 4744 (IP=96,US)
206.189.223.170 32 RW None 2020-12-05 00:00:00 2021-03-05 00:00:00 None Nuclei Vulnerability Scanner - Fireeye IPS (IP=170,US)
206.189.227.101 32 RR None 2021-06-20 00:00:00 2021-09-27 00:00:00 None SQL injection - Web Attacks (IP=101,US) | updated by RW Block expiration extended with reason Command Injection (IP=101,US)
206.189.227.179 32 AR None 2021-06-25 00:00:00 2021-09-23 00:00:00 None Self-report / Path Traversal Attempts - TT# 21C01369 (IP=179,US)
206.189.227.67 32 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=67,US)
206.189.228.49 32 GM None 2021-04-23 00:00:00 2021-07-23 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 21C01062 (IP=49,US)
206.189.230.119 32 SW None 2021-08-11 00:00:00 2021-11-09 00:00:00 None Self Report/Coldfusion Error - TT# 21C01546 (IP=119, US)
206.189.230.255 32 BB None 2021-09-02 00:00:00 2021-12-01 00:00:00 None Command Injection - SourceFire (IP=255,US)
206.189.231.11 32 KD None 2021-08-10 00:00:00 2021-11-08 00:00:00 None POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt - SourceFire (IP=11,US)
206.189.231.122 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None SERVER-WEBAPP D-Link hedwig.cgi directory traversal attempt (1:44454:2) - Sourcefire Report (IP=122,US)
206.189.234.215 32 RB None 2021-06-20 00:00:00 2021-09-18 00:00:00 None File /etc/passwd Access Attempt Detect- IPS Events (IP=215,US)
206.189.235.68 32 wmp None 2021-03-16 00:00:00 2021-06-16 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=68,US)
206.189.237.17 32 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=17,US)
206.189.237.184 32 BMP None 2021-06-25 00:00:00 2021-09-23 00:00:00 None SQL injection - 6hr Web Attacks (IP=184,US)
206.189.237.253 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None US TO-S-2020-0236 Malicious Email Activity
206.189.238.112 32 ABC None 2021-06-27 00:00:00 2021-09-25 00:00:00 None Command Injection (IP=112,US)
206.189.238.17 32 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=17,US)
206.189.238.244 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
206.189.239.210 32 RB None 2021-02-17 00:00:00 2021-05-17 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=210,US) | updated by wmp Block expiration extended with reason Imperva Distributed Nuclei Scanner (IP=210,US)
206.189.36.135 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=135,SG)
206.189.39.197 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=197,SG)
206.189.41.221 32 FT None 2020-10-03 00:00:00 2021-01-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT # 21C00015 (IP=221,SG)
206.189.42.170 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=170,SG)
206.189.46.218 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None SG TO-S-2020-0535 Malware Activity
206.189.48.19 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=19,DE)
206.189.49.109 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=109,DE)
206.189.49.146 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=146,DE)
206.189.5.79 32 wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=79,NL)
206.189.50.36 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=36,DE)
206.189.51.181 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=181,DE)
206.189.52.197 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Webshell.Binary.php.FEC2 (IP=197,DE)
206.189.55.23 24 RR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - SourceFire (IP=23,DE)
206.189.60.161 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SQL injection - 6hr Web Attacks (IP=161,DE)
206.189.61.126 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity
206.189.61.175 24 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None SQL injection - Web Attacks (IP=175,DE)
206.189.62.161 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=161,DE)
206.189.63.252 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=252,DE)
206.189.64.126 32 BMP None 2021-02-16 00:00:00 2021-05-15 00:00:00 None SERVER-WEBAPP Cisco Ultra Services Framework command injection attempt - 6hr Web Attacks (IP=126,US)
206.189.66.184 32 BMP None 2020-12-31 00:00:00 2021-03-31 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6hr Web attacks (IP=184,US)
206.189.68.222 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
206.189.71.105 32 GM None 2021-01-03 00:00:00 2021-04-03 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Sourcefire (IP=105,US)
206.189.74.166 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
206.189.80.120 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=120,SG)
206.189.80.67 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=67,SG)
206.189.81.196 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=196,SG)
206.189.83.124 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=124,SG)
206.189.83.140 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=140,SG)
206.189.87.217 24 ZH None 2021-09-21 00:00:00 2021-12-20 00:00:00 None SERVER-WEBAPP VMWare vSphere Client remote code execution attempt (1:57720:1) - Sourcefire Rpt (IP=217,SG)
206.189.87.217 32 BB None 2021-09-18 00:00:00 2021-12-17 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - IR# 21C01890 (IP=217, US)
206.189.87.64 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=64,SG)
206.189.88.147 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=147,SG)
206.189.97.77 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None Possible Cross-site Scripting Attack - Sourcefire (IP=77,NL)
206.198.248.173 32 PS None 2021-05-19 00:00:00 2021-08-30 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2)-Sourcefire Report (IP=173,US) | updated by ZH Block expiration extended with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SS
206.214.228.33 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=33,US)
206.219.255.160 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=160,US)
206.221.176.229 32 RT None 2021-07-23 00:00:00 2021-10-21 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire Report (IP=229,US)
206.248.172.128 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
206.72.192.74 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=74,US)
206.74.13.39 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
206.81.1.170 32 BB None 2021-09-02 00:00:00 2021-12-01 00:00:00 None Command Injection - ABC Report(IP=170,US)
206.81.1.43 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Sourcefire Report (IP=43,US)
206.81.1.57 32 SW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=57,US)
206.81.10.215 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Email Activity
206.81.16.51 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=51,DE)
206.81.17.76 32 wmp None 2021-05-05 00:00:00 2021-08-05 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=76,DE)
206.81.19.151 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=151,DE)
206.81.20.101 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=101,DE)
206.81.21.91 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=91,DE)
206.81.22.139 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=139,DE)
206.81.22.139 24 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SQL injection - 6hr failed logons (IP=139 DE)
206.81.23.118 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=118,DE)
206.81.25.102 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=102,DE)
206.81.25.26 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=26,DE)
206.81.26.37 32 wmp None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Palo Alto Suspicious Scan Activity (IP=37,DE)
206.81.27.91 24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None SQL injection - Web attacks (IP=91,DE)
206.81.29.230 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=230,DE)
206.81.30.136 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None HTTP SQL Injection Attempt - 6hr web attacks (IP=136,DE)
206.81.7.77 32 RB None 2021-06-19 00:00:00 2021-09-17 00:00:00 None SQL injection - 6hr web attacks (IP=77,US)
206.81.9.180 32 SW None 2021-06-17 00:00:00 2021-09-16 00:00:00 None SQL injection - Web Attacks (IP=180,US) | updated by ZH Block expiration extended with reason SQL Injection - 6hr Web Attacks (IP=180,US)
206.81.9.181 32 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None POLICY-OTHER Adobe ColdFusion component browser access attempt (1:25977:3) - Sourcefire Report (IP=181,US)
206.84.141.78 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=78,PK)
207.102.64.26 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None CA TO-S-2020-0459 Malware Activity
207.11.112.19 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
207.144.103.227 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity
207.148.102.158 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None JP Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
207.148.120.0 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=0,SG)
207.148.124.19 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SG TO-S-2020-0298 Malicious Email Activity
207.148.67.184 24 ZH None 2021-09-21 00:00:00 2021-12-20 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - 6hr web attacks (IP=184,SG)
207.148.68.124 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SG TO-S-2020-0298 Malicious Email Activity
207.148.68.42 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None SG TO-S-2020-0315 Malicious Email Activity
207.148.69.114 24 BB None 2021-08-10 00:00:00 2021-11-08 00:00:00 None SERVER-WEBAPP Microsoft Exchange autodiscover server side request forgery attempt - Web Attacks (IP=114,SG)
207.148.71.111 32 wmp None 2020-06-24 00:00:00 2021-08-24 00:00:00 None HIVE Case #3110 COLS-NA-TIP-20-0193 (IP=111,SG) | updated by dbc Block expiration extended with reason SG TO-S-2020-0750 Malicious Email Activity
207.148.94.89 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None JP TO-S-2020-0826 Hive Case 3950 Malicious Email Activity
207.150.192.36 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
207.150.220.204 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=204,US)
207.154.195.179 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=179,DE)
207.154.199.41 24 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=41,DE)
207.154.200.151 32 RW None 2021-04-18 00:00:00 2021-07-18 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT# 21C01033 (IP=151,US)
207.154.200.151 24 RW None 2021-04-18 00:00:00 2021-07-18 00:00:00 None SQL injection - Web attacks (IP=151,DE)
207.154.201.24 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=24,DE)
207.154.212.156 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
207.154.215.11 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=11,DE)
207.154.215.151 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=151,DE)
207.154.216.244 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity
207.154.217.7 24 RB None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=7,DE)
207.154.221.121 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=121,DE)
207.154.221.187 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=187,DE)
207.154.223.53 32 wmp None 2021-02-09 00:00:00 2021-05-09 00:00:00 None Firepower Suspicious Scan Activity (IP=53,DE)
207.154.223.64 24 GM None 2021-04-16 00:00:00 2021-07-16 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=64,DE)
207.154.226.10 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=10,DE)
207.154.227.53 24 GM None 2020-11-20 00:00:00 2021-02-20 00:00:00 None Masscan TCP Port Scanner - FireEye CMS (IP=53,DE)
207.154.230.141 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=141,DE)
207.154.231.88 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None DE TO-S-2020-0228 Malicious Web Application Activity
207.154.235.4 24 EE None 2021-03-12 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=4,DE)
207.154.240.22 24 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SQL injection - 6hr Web Attacks (IP=22,DE)
207.154.240.66 32 wmp None 2021-02-11 00:00:00 2021-05-11 00:00:00 None Firepower Suspicious Scan Activity (IP=66,DE)
207.154.245.254 24 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP SQL injection_Web Attack Report (IP=254,DE)
207.154.246.132 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=132,DE)
207.154.246.132 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=132,DE)
207.154.246.31 24 RW None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - Web Attacks (IP=31,DE)
207.154.247.20 24 DT None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=20,DE)
207.154.251.110 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity
207.154.254.192 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=192,DE)
207.155.193.229 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=229,US)
207.174.213.126 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
207.174.214.239 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
207.174.214.40 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
207.174.215.159 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
207.180.192.120 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=120,CN)
207.180.197.36 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
207.180.198.80 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None DE TO-S-2020-0369 Malicious Email Activity
207.180.198.9 32 RW None 2021-09-21 00:00:00 2021-12-20 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01906 (IP=9,DE)
207.180.203.126 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity
207.180.203.16 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=16,DE)
207.180.204.169 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=169,DE)
207.180.207.25 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=25,DE) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=25,DE)
207.180.210.115 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None DE TO-S-2020-0315 Malicious Email Activity
207.180.219.238 24 RW None 2020-12-27 00:00:00 2021-04-04 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt - 6 hr web attacks (IP=238,DE) | updated by BMP Block expiration extended with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=238,DE)
207.180.220.217 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Web Application Activity
207.180.226.143 32 wmp None 2020-09-16 00:00:00 2021-10-08 00:00:00 None HIVE Case #3904 COLS-NA-TIP-20-0292 (IP=143,DE) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=143,DE)
207.180.227.58 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None DE TO-S-2020-0805 Malicious Email Activity
207.180.228.101 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=101,DE)
207.180.240.95 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=95,DE)
207.180.244.196 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=196,DE)
207.180.245.68 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
207.180.247.73 24 BB None 2021-07-05 00:00:00 2021-10-03 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=73,DE)
207.180.252.156 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
207.180.253.170 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity
207.180.254.168 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
207.188.75.25 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=25,CA)
207.191.248.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None LC TO-S-2020-0298 Malicious Email Activity
207.200.24.174 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
207.201.215.65 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity
207.201.218.182 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=182,US)
207.210.200.146 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
207.210.202.111 32 wmp None 2020-09-22 00:00:00 2021-10-29 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=111,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
207.210.202.47 32 wmp None 2020-09-22 00:00:00 2021-10-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=47,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
207.210.229.252 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
207.211.34.83 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Email Activity
207.231.65.94 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=94,US)
207.241.224.2 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity
207.241.228.158 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
207.243.15.50 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity
207.244.109.182 32 BMP None 2020-11-17 00:00:00 2021-02-15 00:00:00 None HTTP SQL Injection Attempt - 6hr Web Attacks (IP=182,US)
207.244.126.150 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
207.244.227.34 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=34,US)
207.244.229.214 32 wmp None 2021-04-17 00:00:00 2021-07-14 00:00:00 None McAfee IDS Report Suspicious Scan Activity (IP=214,US)
207.244.229.23 32 ZH None 2021-05-17 00:00:00 2021-08-15 00:00:00 None SSH User Authentication Brute Force Attempt - 6 hr Failed Logons (IP=23,US)
207.244.244.117 32 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=117,US)
207.244.253.35 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=35,US)
207.244.67.139 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
207.244.67.214 32 wmp None 2020-09-22 00:00:00 2021-10-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=214,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
207.244.67.215 32 wmp None 2020-09-25 00:00:00 2021-11-03 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=215,US) | updated by dbc Block expiration extended with reason US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
207.244.67.218 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
207.244.67.86 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
207.245.239.118 24 GM None 2021-01-20 00:00:00 2021-04-21 00:00:00 None SSH User Authentication Brute Force Attempt - Failed Logons (IP=118,CA)
207.246.240.113 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
207.246.240.114 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
207.246.240.115 32 RR None 2018-09-28 05:00:00 2021-05-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=115,US) | updated by dbc Block was inactive. Reactivated on 20200507 with reason US TO-S-2020-0493 Malware Activity
207.246.240.116 32 GLM None 2018-12-25 06:00:00 2021-05-07 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (IP=116,US) | updated by dbc Block was inactive. Reactivated on 20200507 with reason US TO-S-2020-0493 Malware Activity
207.246.240.118 32 GM None 2020-02-10 00:00:00 2021-05-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=118,US) | updated by KF Block expiration extended with reason HTTP: SQL Injection - Exploit II - Web Attacks (IP=118,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0
207.246.240.119 32 GLM None 2018-10-02 05:00:00 2021-05-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=119,US) | updated by GM Block was inactive. Reactivated on 20200208 with reason HTTP: Blind SQL Injection - Timing - Web Attacks (IP=119,US) | updated by dbc Block expiration extended with reason US TO-S-2
207.246.240.120 32 wmp None 2018-10-05 05:00:00 2021-05-07 00:00:00 None possible sql injection attempt (IP=120,US) | updated by dbc Block was inactive. Reactivated on 20200507 with reason US TO-S-2020-0493 Malware Activity
207.246.240.121 32 GLM None 2018-10-03 05:00:00 2021-05-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=121,US) | updated by dbc Block was inactive. Reactivated on 20200507 with reason US TO-S-2020-0493 Malware Activity
207.246.240.122 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
207.246.240.123 32 ALJ None 2018-09-28 05:00:00 2021-05-07 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (ip=123,us) | updated by dbc Block was inactive. Reactivated on 20200507 with reason US TO-S-2020-0493 Malware Activity
207.246.240.124 32 RR None 2018-10-07 05:00:00 2021-05-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=124,US) | updated by dbc Block was inactive. Reactivated on 20200507 with reason US TO-S-2020-0493 Malware Activity
46.124.117.190/24 ! 20181007 20190105 RR Authentication Failed (IP=190,A
207.246.240.125 32 GLM None 2018-10-02 05:00:00 2021-05-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=125,US) | updated by dbc Block was inactive. Reactivated on 20200507 with reason US TO-S-2020-0493 Malware Activity
207.248.223.99 24 DT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Web Attacks (IP=99,CL)
207.249.77.188 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=188,MX)
207.251.52.146 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=146,US)
207.38.88.185 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity
207.45.187.34 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
207.46.13.60 32 SW None 2021-08-11 00:00:00 2021-11-09 00:00:00 None Self-Report / sql injection attacks - TT# 21C01544 (IP=60,US)
207.46.156.73 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=73,HK)
207.58.128.230 32 wmp None 2020-09-25 00:00:00 2021-11-03 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=230,US) | updated by dbc Block expiration extended with reason US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
207.7.80.244 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
207.70.155.114 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=114,US)
208.100.26.229 32 GLM None 2016-08-24 05:00:00
2021-02-14 00:00:00 None Failed FTP login attempt (IP=229,US) | updated by CR with reason OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt - SourceFire (IP=229,US) | updated by CR with reason OS-WINDOWS Microsoft Windows Terminal server RDP ov 208.103.169.235 32 DT None 2020-10-06 00:00:00 2021-01-06 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT # 21C00048 (IP=235,US) 208.109.175.207 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 208.109.192.71 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=71,US) 208.109.53.185 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 208.109.53.99 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 208.109.76.93 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=93,US) 208.109.77.173 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=173,US) 208.113.171.192 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 208.113.199.73 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=73,US) 208.113.214.124 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 208.113.35.58 24 EE None 2021-07-14 00:00:00 2021-10-12 00:00:00 None HIVE Case #5791 IOC_SolarWinds-Serv-U (IP=58,CA) 208.115.211.88 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Web Application Activity 208.115.215.202 32 GED None 2020-12-04 00:00:00 2021-03-04 00:00:00 None HIVE Case #NA FP CIO Policy (IP=202,US) 208.126.16.110 32 EE None 2021-02-12 00:00:00 2021-05-12 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=110,US) 208.126.199.61 32 GLM 
None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=61,US) 208.138.18.0 24 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None JM TO-S-2021-0989 Hive Case # 4493 Malware Activity 208.168.240.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KY TO-S-2020-0298 Malicious Email Activity 208.168.248.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 208.70.12.151 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=151,US) 208.70.248.230 32 EE None 2021-08-18 00:00:00 2021-11-15 00:00:00 None HIVE Case #5918 IOC_LOKIBOT (IP=230,US) 208.71.171.202 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 208.71.222.193 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 208.73.205.62 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 208.73.210.85 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=85,undefined) 208.75.122.1 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Email Activity 208.75.148.5 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 208.76.140.143 32 wmp None 2020-09-25 00:00:00 2021-11-19 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=143,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 208.77.22.211 32 FT None 2020-10-06 00:00:00 2021-01-06 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00049 (IP=211,US) 208.82.114.162 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 208.82.185.30 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 208.83.246.203 32 GLM 
None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=203,US) 208.86.154.224 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity 208.87.233.201 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=201,GB) 208.87.234.180 24 GLM None 2021-04-03 00:00:00 2021-07-04 00:00:00 None Web (HTTP) Attacks (IP=180,GB) | updated by GLM Block expiration extended with reason Web (HTTP) Attacks (IP=180,GB) 208.89.96.71 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=71,US) 208.91.197.46 32 NAB None 2021-03-03 00:00:00 2021-06-01 00:00:00 None HIVE Case #NA FP Security (IP=46,VG) 208.91.198.131 32 wmp None 2020-10-26 00:00:00 2021-01-24 00:00:00 None HIVE Case #4196 COLS-NA-TIP-20-0323 (IP=131,US) 208.91.198.131 32 wmp None 2020-10-26 00:00:00 2021-01-24 00:00:00 None HIVE Case #4196 COLS-NA-TIP-20-0323 (IP=131,US) 208.91.199.100 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=100,US) 208.93.152.10 32 GM None 2020-12-03 00:00:00 2021-03-03 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=10,US) 208.93.152.33 32 GM None 2020-11-20 00:00:00 2021-11-29 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=33,US) | updated by KH Block was inactive. Reactivated on 20210831 with reason SSLv2 Client Hello Request Detected - FE IPS (IP=33,US) SSLv2 Client Hello Request Detected - FE IPS (IP=33,US) 208.93.152.33 32 KH None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=33,US) | updated by KH Block was inactive. 
Reactivated on 20210831 with reason SSLv2 Client Hello Request Detected - FE IPS (IP=33,US) SSLv2 Client Hello Request Detected - FE IPS (IP=33,US) 208.97.151.108 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=108,US) 208.97.188.13 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 208.97.188.181 32 wmp None 2020-09-22 00:00:00 2021-10-29 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=181,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 2082532591.scootmobiel-cursus.nl --- TLM None 2021-06-15 00:00:00 2021-09-13 00:00:00 2023-01-19 22:57:28 HIVE Case #5605 TO-S-2021-1338 209.10.98.125 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=125,US) 209.105.243.246 32 BMP None 2020-03-04 00:00:00 2021-12-18 00:00:00 None SERVER-WEBAPP Blueimp jQuery File Upload arbitrary PHP file upload attempt - SourceFire (IP=146,US) | updated by dbc Block was inactive. 
Reactivated on 20201218 with reason US TO-S-2021-1007 Malware Activity 209.107.204.70 32 ZH None 2021-07-24 00:00:00 2021-10-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=70,US) 209.107.204.88 32 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=88,US) 209.11.168.92 32 GM None 2020-10-31 00:00:00 2021-01-31 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=92,US) 209.11.168.95 32 GM None 2020-11-03 00:00:00 2021-02-03 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=95,US) 209.11.168.96 32 GM None 2020-11-21 00:00:00 2021-02-21 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=96,US) 209.112.204.222 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=222,US) 209.123.88.38 32 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=38,US) 209.124.80.247 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 209.124.88.123 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 209.126.10.25 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=25,US) 209.126.10.98 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 209.126.102.171 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=171,US) 209.126.103.102 32 klb None 2016-08-14 05:00:00 2021-10-08 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=102 US) | updated by dbc Block was inactive. 
Reactivated on 20201008 with reason HIVE Case #4064 TO-S-2020-0859 (IP=102,US) 209.126.106.240 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 209.126.11.246 32 GM None 2020-10-08 00:00:00 2021-01-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=246,US) 209.126.123.11 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 209.126.127.5 32 GLM None 2017-01-07 06:00:00 2021-08-24 00:00:00 None ET SCAN Sipvicious User-Agent Detected (friendly-scanner) (IP=5,US) | updated by dbc Block was inactive. Reactivated on 20200824 with reason US TO-S-2020-0750 Malicious Email Activity 209.126.148.164 32 NAB None 2021-03-04 00:00:00 2021-06-02 00:00:00 None HIVE Case #NA FP Security (IP=164,US) 209.126.17.30 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 209.126.230.74 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 209.126.6.222 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 209.126.7.201 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=201,US) 209.126.7.27 32 RW None 2021-04-28 00:00:00 2021-08-30 00:00:00 None SQL injection - Web attacks (IP=27,US) | updated by RW Block expiration extended with reason HTTP SQL Injection Attempt - Web Attacks (IP=27,US) 209.126.80.66 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=66,US) 209.126.82.86 32 CR None 2021-05-18 00:00:00 2021-08-16 00:00:00 None SSLv2 Client Hello Request Detected - IPS Events (IP=86,US) 209.126.82.89 32 CR None 2021-05-18 00:00:00 2021-08-16 00:00:00 None SSLv2 Client Hello Request Detected - IPS Events (IP=89,US) 209.127.17.234 32 RB None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in 
Scriptresx.ashx Vulnerability - IR# 21C00566 (IP=234,CA) 209.127.234.72 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=72,US) 209.132.252.4 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=4,US) 209.133.205.218 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=218,US) 209.133.217.143 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 209.134.25.150 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 209.14.30.163 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=163,BR) 209.14.30.198 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=198,BR) 209.14.30.24 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=24,BR) 209.14.30.33 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=33,BR) 209.14.30.69 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=69,BR) 209.14.31.155 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks,Command Injection (IP=155,BR) 209.14.31.193 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=193,BR) 209.14.31.66 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=66,BR) 209.14.31.89 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=89,BR) 209.141.32.85 32 SW None 2021-06-11 00:00:00 2021-09-09 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01289 (IP=85,US) 209.141.33.206 32 BB None 2021-06-21 00:00:00 2021-09-19 00:00:00 None Attempted Access - Inbound Brute Force / SSH: SSH Login - TT# 21C01291 (IP= 206, 
US) 209.141.33.215 32 GM None 2020-11-05 00:00:00 2021-02-05 00:00:00 None ZmEu phpMyAdmin Vulnerability Scanner - FireEye CMS (IP=215,US) 209.141.33.74 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=74,US) 209.141.35.110 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity 209.141.36.20 32 DT None 2021-07-22 00:00:00 2021-10-20 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Source Fire (IP=20,US) 209.141.37.184 32 WR None 2021-05-27 00:00:00 2021-08-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - SourceFire (IP=184,US) 209.141.38.86 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 209.141.41.134 32 BMP None 2020-12-05 00:00:00 2021-03-05 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=134,US) 209.141.42.102 32 ZH None 2021-06-07 00:00:00 2021-09-07 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01268 (IP=102,US) 209.141.43.226 32 RW None 2020-11-09 00:00:00 2021-02-09 00:00:00 None ZmEu phpMyAdmin Vulnerability Scanner - Fireeye IPS (IP=226,US) 209.141.43.56 32 wmp None 2021-03-11 00:00:00 2021-06-11 00:00:00 None Firepower Suspicious Scan Activity (IP=56,US) 209.141.45.212 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 209.141.46.206 32 wmp None 2021-03-05 00:00:00 2021-06-05 00:00:00 None Firepower Suspicious Scan Activity (IP=206,US) 209.141.47.237 32 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (1:28556:3) (IP=237,US) 209.141.47.35 32 wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None Palo Alto Suspicious Scan Activity (IP=35,US) 209.141.48.242 32 RW None 2020-12-15 00:00:00 2021-03-15 00:00:00 None ZmEu phpMyAdmin Vulnerability Scanner - Fireeye IPS 
(IP=242,US) 209.141.50.225 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 209.141.51.176 32 JKC None 2021-08-27 00:00:00 2021-11-25 00:00:00 None HIVE Case #NA PA web attacks (IP=176,US) 209.141.51.195 32 FT None 2021-04-08 00:00:00 2021-07-07 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=195,US) 209.141.51.242 32 wmp None 2021-04-29 00:00:00 2021-07-29 00:00:00 None Palo Alto Suspicious Scan Activity (IP=242,US) 209.141.52.132 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 209.141.52.208 32 RB None 2021-02-24 00:00:00 2021-05-25 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00528 (IP=208,US) 209.141.54.221 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 209.141.55.11 32 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire Rpt (IP=11,US) 209.141.55.179 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 209.141.55.65 32 WR None 2021-05-27 00:00:00 2021-08-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - SourceFire (IP=65,US) 209.141.57.91 32 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Source Fire (IP=91,US) 209.141.58.145 32 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire Report (IP=145,US) 209.141.58.232 24 RW None 2021-01-28 00:00:00 2021-04-28 00:00:00 None ZmEu phpMyAdmin Vulnerability Scanner - Fireeye IPS (IP=232,US) 209.141.58.77 32 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Source Fire (IP=77,US) 209.141.60.195 32 wmp None 2021-01-19 00:00:00 2021-04-19 00:00:00 
None Suspicious Scan Activity (IP=195,US) 209.141.60.208 32 DT None 2021-09-20 00:00:00 2021-12-19 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Source Fire (IP=208,US) 209.141.60.226 32 RR None 2021-02-10 00:00:00 2021-05-11 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - IR# 21C00484 (IP=226,US) 209.141.61.146 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=146,US) 209.141.61.16 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None TCP: SYN Port Scan (IP=16,US) 209.141.62.184 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00609 (IP=184,US) 209.141.62.237 32 RW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None Attempted Access - Inbound Brute Force / SSH: SSH Login Bruteforce Detected - TT# 21C01240 (IP=237,US) 209.142.173.2 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=2,US) 209.145.55.127 32 KH None 2021-07-19 00:00:00 2021-10-17 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=127,US) 209.145.55.241 32 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=241,US) 209.145.60.197 32 KD None 2021-05-28 00:00:00 2021-08-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,US) 209.146.24.133 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PH TO-S-2020-0298 Malicious Email Activity 209.151.194.144 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=144,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=144,US) 209.151.194.242 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 209.159.155.2 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 
209.159.157.74 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 209.159.158.234 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity 209.160.107.116 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 209.177.95.62 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 209.182.193.47 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=47,US) 209.182.195.173 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 209.182.198.103 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 209.182.198.65 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 209.182.204.55 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity 209.182.205.234 32 wmp None 2020-08-25 00:00:00 2021-10-08 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=234,US) | updated by wmp Block expiration extended with reason HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=234,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=234,US) 209.182.213.43 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=43,US) 209.182.232.126 32 GM None 2021-01-11 00:00:00 2021-04-11 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=126,US) 209.182.232.44 32 EE None 2021-02-27 00:00:00 2021-05-27 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - 6hr Web Attack (IP=44,US) 209.190.5.205 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 209.191.188.56 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US 
TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 209.193.11.110 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=110,US) 209.193.11.138 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=138,US) 209.193.11.78 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=78,US) 209.201.5.158 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=158,US) 209.205.200.218 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 209.205.201.162 32 KF None 2019-01-25 00:00:00 2021-04-23 00:00:00 None Generic ArcSight scan attempt (IP=162,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 209.205.209.130 32 YM None 2018-06-08 05:00:00 2021-05-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=130,US) | updated by dbc Block was inactive. Reactivated on 20200507 with reason US TO-S-2020-0493 Malware Activity 209.205.211.242 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=242,US) 209.205.218.178 32 BMP None 2021-09-22 00:00:00 2021-12-21 00:00:00 None FIREEYE Web: Riskware - Hive Case 6230 (IP=178,US) 209.217.224.187 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 209.236.118.251 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 209.236.123.42 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 209.237.150.20 32 GLM None 2017-06-23 05:00:00 2021-12-17 00:00:00 None FILE-PDF Multiple products incomplete JP2K image geometry potentially malicious PDF detected (IP=20,US) | updated by TLM Block was inactive. 
Reactivated on 20210617 with reason HIVE Case #5644 TO-S-2021-1352 (IP=20,US) 209.237.152.12 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 209.250.225.52 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=52,GB) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=52,GB) 209.250.231.224 24 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=224,GB) 209.40.192.188 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Web Application Activity 209.42.194.253 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None NL TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 209.50.62.36 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 209.54.126.32 32 DT None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=32,US) 209.58.142.159 32 RW None 2020-11-19 00:00:00 2021-02-19 00:00:00 None Nuclei Vulnerability Scanner - Fireeye IPS (IP=159,US) 209.58.142.232 32 DT None 2021-06-21 00:00:00 2021-09-19 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=232,US) 209.58.142.234 32 RB None 2021-06-19 00:00:00 2021-09-17 00:00:00 None SQL injection - 6hr web attacks (IP=234,US) 209.58.144.210 32 GM None 2020-11-20 00:00:00 2021-02-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=210,US) 209.58.167.82 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SG TO-S-2020-0298 Malware Activity 209.59.135.26 32 wmp None 2020-07-30 00:00:00 2021-08-24 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=26,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0750 Malicious Email Activity 209.59.138.165 32 dbc None 
ip prefix analyst - start end - reason
2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
209.59.154.26 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
209.59.154.88 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity
209.59.156.144 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
209.59.170.72 32 wmp None 2020-09-22 00:00:00 2021-10-29 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=72,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
209.59.180.22 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
209.59.186.42 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=42,US)
209.59.191.142 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unaffiliated TO-S-2020-0592 Malicious Email Activity
209.59.202.31 32 wmp None 2020-09-03 00:00:00 2021-11-03 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=31,US) | updated by dbc Block expiration extended with reason US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
209.62.218.42 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=42,US)
209.73.190.12 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity
209.85.146.95 32 wmp None 2020-06-23 00:00:00 2021-08-24 00:00:00 None HIVE Case #3072 COLS-NA-TIP-20-0190 (IP=95,US) | updated by wmp Block expiration extended with reason HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=95,US) | updated by wmp Block expiration extended with reason HIVE Case #3374 COLS-NA-TIP-20-0
209.95.34.77 32 GM None 2020-10-25 00:00:00 2021-01-25 00:00:00 None SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt - Sourcefire (IP=77,US)
209.95.48.105 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=105,US)
209.97.136.90 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=26,CN)
209.97.139.26 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=26,GB)
209.97.153.50 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=50,US)
209.97.153.75 32 SW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SQL injection - Web Attacks (IP=75,US)
209.97.155.58 32 CR None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Self Report / Scanning Historical blast - 21C01192 (IP=58,US)
209.97.158.113 32 BMP None 2021-05-12 00:00:00 2021-08-10 00:00:00 None SQL injection - 6hr Web Attacks (IP=113,US)
209.97.161.119 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Rpt (IP=119,SG)
209.97.162.101 24 AR None 2021-07-08 00:00:00 2021-10-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 HR WEB ATTACK (IP=101,SG)
209.97.165.230 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None 167.99.120.171 - Sourcefire (IP=230,US)
209.97.167.45 24 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=45,SG)
209.97.172.97 24 GM None 2020-11-03 00:00:00 2021-02-03 00:00:00 None OpenSSL TLSv1.2 Heartbeat (Heartbleed) Information Leak Vulnerability - FireEye CMS (IP=97,SG)
209.97.174.27 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=27,SG)
209.97.182.201 24 BMP None 2021-05-08 00:00:00 2021-08-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=201,GB) | updated by RB Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=201,GB) HTTP: PHPUnit Remote Code Execution Vulnerabil
209.97.182.201 24 RB None 2021-05-14 00:00:00 2021-08-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=201,GB) | updated by RB Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=201,GB) HTTP: PHPUnit Remote Code Execution Vulnerabil
209.97.187.40 24 UA None 2021-08-15 00:00:00 2021-11-13 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=40,GB)
209.97.188.132 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity
209.97.188.177 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=177,GB)
209.97.188.177 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=177,GB)
209.99.16.119 32 wmp None 2020-08-20 00:00:00 2021-12-16 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=119,US) | updated by TLM Block was inactive. Reactivated on 20210616 with reason HIVE Case #5637 TO-S-2021-1321 (IP=119,US)
209.99.16.16 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
209.99.16.217 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=217,US)
209.99.196.170 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity
209.99.64.51 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0949 Hive Case 4363 Malicious Email Activity
210.1.56.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,TH)
210.114.19.73 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=73,KR)
210.114.22.67 24 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=67,KR)
210.116.50.211 24 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=211,KR)
210.13.110.60 24 CR None 2021-05-11 00:00:00 2021-08-17 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt_Sourcefire (IP=60,CN) | updated by RR Block expiration extended with reason SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Web Attacks (IP=60,CN) SERVER-WEBAPP Zeroshell L
210.13.110.60 24 RR None 2021-05-19 00:00:00 2021-08-17 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt_Sourcefire (IP=60,CN) | updated by RR Block expiration extended with reason SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Web Attacks (IP=60,CN) SERVER-WEBAPP Zeroshell L
210.13.110.61 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt_Sourcefire (IP=61,CN)
210.13.247.185 32 BMP None 2020-06-05 00:00:00 2021-01-11 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03067 (IP=185,CN) | updated by BMP Block was inactive. Reactivated on 20201011 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-1675
210.13.47.168 24 RB None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=168,CN)
210.13.67.42 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=42,CN)
210.131.150.111 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None JP TO-S-2020-0236 Malicious Email Activity
210.140.82.233 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=233,JP)
210.16.120.180 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=180,SG)
210.16.121.54 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=54,SG)
210.16.180.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
210.16.188.0 23 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,CN)
210.184.64.0 19 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None HK TO-S-2020-0698 Malicious Email Activity
210.186.25.236 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
210.187.243.88 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None MY TO-S-2020-0369 Malicious Email Activity
210.190.168.90 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None JP TO-S-2020-0459 Malware Activity
210.195.189.87 24 FT None 2021-01-24 00:00:00 2021-04-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=87,MY)
210.195.43.239 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MY TO-S-2020-0331 Malware Activity
210.204.22.39 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malware Activity
210.204.226.76 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malware Activity
210.209.180.37 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None TW TO-S-2021-0989 Hive Case # 4493 Unknown Malicious Activity
210.210.116.0 24 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=0,IN)
210.211.117.109 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=109,VN)
210.216.153.142 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=142,KR)
210.217.32.25 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=25,KR)
210.222.25.166 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=166,KR)
210.245.126.37 32 srm None 2021-02-02 00:00:00 2021-05-03 00:00:00 None Firepower Suspicious Scan Activity (IP=37,VN)
210.245.87.140 24 BMP None 2021-04-21 00:00:00 2021-07-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=140,VN)
210.245.89.247 24 CR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None Masscan TCP Port Scanner - IPS Events (IP=247,TW)
210.26.80.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CN TO-S-2020-0331 Malicious Web Application Activity
210.3.125.162 24 RW None 2020-12-21 00:00:00 2021-03-21 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=162,HK)
210.4.100.178 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
210.4.109.6 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
210.4.114.98 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None PH TO-S-2020-0459 Malware Activity
210.4.64.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BD TO-S-2020-0298 Malicious Email Activity
210.5.40.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MY TO-S-2020-0331 Malicious Email Activity
210.56.15.27 24 AR None 2021-07-28 00:00:00 2021-10-26 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6Hr Failed Logons (IP=27,PK)
210.56.56.27 24 FT None 2020-10-24 00:00:00 2021-01-24 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=27,HK)
210.65.11.24 24 RR None 2020-10-14 00:00:00 2021-01-12 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=24,TW)
210.65.88.218 24 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - Web Attacks (IP=218,TW)
210.66.64.53 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TW TO-S-2020-0303 Malicious Email Activity
210.7.0.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FJ Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
210.75.240.132 24 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attack (IP=132,CN)
210.89.64.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None HK TO-S-2021-0876 Hive Case 4166 Malware Activity
210.92.18.180 32 AR None 2021-05-27 00:00:00 2021-11-23 00:00:00 None TO-S-2021-1286 - TO-S-2021-1286 (IP=180,US)
211.106.252.92 24 BMP None 2021-06-03 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=92,KO) | updated by KD Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=92,KR) HTTP: PHPUnit Re
211.106.252.92 24 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=92,KO) | updated by KD Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=92,KR) HTTP: PHPUnit Re
211.106.252.92 24 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=92,KO)
211.106.252.92 24 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=92,KR)
211.112.69.161 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
211.115.212.73 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None KR TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
211.115.91.189 24 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=189,KR)
211.118.101.131 32 wmp None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Imperva Suspicious Scan Activity (IP=131,KR)
211.120.68.253 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None JP TO-S-2020-0303 Malicious Email Activity
211.137.10.125 24 DT None 2021-01-28 00:00:00 2021-04-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 12hr SSH SCAN (IP=125,FR)
211.137.10.125 24 DT None 2021-01-28 00:00:00 2021-04-28 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=125,CN)
211.141.32.89 24 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=89,CN)
211.149.149.42 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=42,CN)
211.149.154.92 24 BMP None 2021-04-28 00:00:00 2021-07-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=92,CN)
211.149.237.148 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=148,CN)
211.149.237.148 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire (IP=148,CN)
211.159.152.88 24 RR None 2020-11-21 00:00:00 2021-02-19 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=88,CN)
211.159.169.232 24 RB None 2021-05-22 00:00:00 2021-08-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=232,CN) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=232,CN) HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web at
211.159.169.232 24 BMP None 2021-05-10 00:00:00 2021-08-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=232,CN) | updated by RB Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=232,CN) HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web at
211.171.12.211 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
211.178.250.167 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malicious Web Application Activity
211.193.188.155 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KR TO-S-2020-0303 Malicious Email Activity
211.195.114.140 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malicious Web Application Activity
211.204.244.88 24 EE None 2021-01-10 00:00:00 2021-04-10 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=88,KR)
211.208.91.249 24 EE None 2021-04-15 00:00:00 2021-07-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) Sourcefire (IP=249,KR)
211.213.14.185 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
211.223.178.217 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malicious Web Application Activity
211.228.97.29 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malicious Web Application Activity
211.23.211.65 24 KH None 2021-08-09 00:00:00 2021-11-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=65,TW)
211.23.45.27 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=27,TW)
211.237.6.142 24 KD None 2021-08-10 00:00:00 2021-11-08 00:00:00 None BROWSER-IE Microsoft Internet Explorer Typed Array use after free attempt - SourceFire (IP=142,KR)
211.253.25.235 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=235,KR)
211.255.177.237 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KR TO-S-2020-0303 Malicious Email Activity
211.34.170.207 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
211.36.141.163 24 EE None 2021-04-22 00:00:00 2021-07-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt Failed Logon (IP=163,KR)
211.36.150.153 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=153,KR)
211.36.150.37 32 wmp None 2021-06-02 00:00:00 2021-09-02 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=37,KR)
211.40.129.246 24 RR None 2021-05-19 00:00:00 2021-09-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=246,KR) | updated by RR Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=246,KR) HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=24
211.40.129.246 24 RR None 2021-05-24 00:00:00 2021-09-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=246,KR) | updated by RR Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=246,KR) HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=24
211.40.129.246 24 EE None 2021-03-27 00:00:00 2021-09-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=246,KR) | updated by RR Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=246,KR) HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=24
211.40.129.246 24 RR None 2021-06-05 00:00:00 2021-09-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=246,KR) | updated by RR Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=246,KR) HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=24
211.44.183.189 32 NAB None 2021-05-04 00:00:00 2021-11-04 00:00:00 None HIVE Case #5344 TO-S-21-1245 (IP=189,KR)
211.46.46.32 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=32,KR)
211.48.189.31 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KR TO-S-2020-0303 Malicious Email Activity
211.49.242.69 24 GM None 2020-12-27 00:00:00 2021-03-27 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=69,KR)
211.50.233.130 24 ZH None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=130,KR)
211.51.62.226 24 DT None 2021-03-13 00:00:00 2021-08-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=226,KR) | updated by RB Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=226,KR) SERVER-WEBAPP PHPUnit PHP remote code execut
211.51.62.226 24 RB None 2021-05-17 00:00:00 2021-08-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=226,KR) | updated by RB Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=226,KR) SERVER-WEBAPP PHPUnit PHP remote code execut
211.56.144.0 21 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None KR TO-S-2020-0592 Malware Activity
211.72.117.60 24 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=60,TW)
211.75.164.36 24 RR None 2020-12-23 00:00:00 2021-04-03 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=36,TW) | updated by RW Block expiration extended with reason Authentication Failure - Web Attacks (IP=36,TW)
211.75.2.169 24 JKC None 2020-04-13 00:00:00 2021-04-13 00:00:00 None CTR-20-0628 MALWARE CAMPAIGN HIVE CASE #2510 (IP=169,TW)
212.0.128.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SD TO-S-2020-0298 Malicious Email Activity
212.0.128.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,SD)
212.1.208.121 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
212.1.210.150 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
212.1.210.220 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity
212.1.210.50 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity
212.1.211.4 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
212.1.212.3 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
212.1.212.4 32 MLJ None 2018-01-10 06:00:00 2021-04-23 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=4,US) | updated by KF Block was inactive. Reactivated on 20200202 with reason HTTP: SQL Injection - Exploit II (IP=4,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0459 Malware A
212.102.33.131 32 AR None 2021-06-22 00:00:00 2021-09-20 00:00:00 None SQL injection - 6 HR WEB ATTACK (IP=131,US)
212.102.33.132 24 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SQL injection - 6hr Web Attacks (IP=132,IT)
212.102.33.137 32 DT None 2021-06-21 00:00:00 2021-09-19 00:00:00 None SQL injection - Web Attacks (IP=137,US)
212.102.33.153 32 KD None 2021-06-15 00:00:00 2021-09-14 00:00:00 None SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt (1:40451:2) - Source fire (IP=153,US)
212.102.34.240 24 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 HR Web Attacks (IP=240,NL)
212.104.237.177 32 wmp None 2021-03-11 00:00:00 2021-06-11 00:00:00 None ArcSight High Attacker (IP=177,LK)
212.108.132.250 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
212.109.0.0 19 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None RU TO-S-2020-0750 Malicious Email Activity
212.109.220.0 23 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,RU)
212.112.111.79 24 BMP None 2020-12-15 00:00:00 2021-03-15 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=79,KG)
212.113.32.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,UA)
212.114.109.230 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=230,NL)
212.114.252.10 24 BMP None 2021-04-11 00:00:00 2021-07-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=10,DE)
212.115.48.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity
212.117.6.89 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None LT TO-S-2020-0331 Malicious Web Application Activity
212.117.95.47 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
212.119.40.75 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
212.119.44.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity
212.124.197.186 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None GB TO-S-2020-0419 Malicious Email Activity
212.125.128.1 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None NL TO-S-2020-0419 Malware Activity
212.125.21.51 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity
212.129.153.225 24 RB None 2020-10-27 00:00:00 2021-01-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=225,CN)
212.129.2.12 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity
212.129.29.208 32 wmp None 2021-02-11 00:00:00 2021-05-11 00:00:00 None Firepower Suspicious Scan Activity (IP=208,FR)
212.129.33.59 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None FR TO-S-2020-0838 unknown activity
212.129.41.254 32 FT None 2020-10-17 00:00:00 2021-01-17 00:00:00 None Known Attack Tool User Agent V2 // BOT: Muieblackcat Traffic
212.129.43.193 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=193,FR)
212.130.94.76 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None DK TO-S-2020-0459 Malware Activity
212.145.45.53 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=53,ES)
212.15.105.130 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity
212.154.196.0 22 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None KZ TO-S-2020-0750 Malicious Email Activity
212.154.80.40 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity
212.154.80.74 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity
212.156.204.126 24 FT None 2021-01-07 00:00:00 2021-04-07 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web attacks (IP=126,TR)
212.156.216.49 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity
212.156.83.114 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity
212.159.94.69 24 BMP None 2020-11-06 00:00:00 2021-02-05 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr Web Attacks (IP=69,GB)
212.162.149.20 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=20,US)
212.164.38.0 23 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU)
212.164.65.0 24 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None RU TO-S-2020-0750 Malicious Email Activity
212.170.12.107 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
212.171.41.139 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity
212.174.25.78 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TR TO-S-2020-0298 Malicious Email Activity
212.174.75.38 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=38,TR)
212.178.135.62 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None ArcSight ESM High Attacker (IP=62,NL)
212.18.237.34 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None GB TO-S-2021-1007 Malicious Email Activity
212.180.225.210 24 GM None 2020-12-19 00:00:00 2021-03-19 00:00:00 None Masscan TCP Port Scanner - FireEye CMS (IP=210,PL)
212.199.32.0 19 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None IL TO-S-2020-0750 Malicious Email Activity
212.210.249.82 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
212.225.176.150 24 GM None 2021-01-03 00:00:00 2021-04-03 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - Web Attacks (IP=150,ES)
212.227.174.242 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=242,DE)
212.227.210.81 24 BMP None 2021-01-19 00:00:00 2021-04-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=81,DE)
212.234.204.97 24 KD None 2021-06-15 00:00:00 2021-09-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=97,FR)
212.237.100.250 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
212.237.102.180 24 CR None 2021-05-19 00:00:00 2021-08-18 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=180,DK)
212.237.122.77 24 KH None 2021-10-01 00:00:00 2021-12-30 00:00:00 None Suspicious Telerik UI Request - FE IPS (IP=77,IQ)
212.237.123.79 24 DT None 2021-07-12 00:00:00 2021-10-10 00:00:00 None SERVER-WEBAPP YouPHPTube getImage.php command injection attempt (1:51924:4) - Source Fire (IP=79,IQ)
212.237.124.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IQ TO-S-2020-0331 Malicious Web Application Activity
212.237.33.52 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity
212.24.103.59 32 FT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C00676 (IP=59,LT)
212.24.45.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
212.244.87.227 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity
212.25.2.5 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=5,CH)
212.250.16.3 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity
212.252.30.170 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None TR TO-S-2020-0805 Malicious Web Application Activity
212.3.165.171 24 KD None 2021-09-04 00:00:00 2021-12-03 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=171,IT)
212.3.185.98 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity
212.32.250.2 32 wmp None 2020-07-22 00:00:00 2021-09-17 00:00:00 None HIVE Case #3384 COLS-NA-TIP-20-0232 (IP=2,NL) | updated by dbc Block expiration extended with reason NL TO-S-2020-0805 Malicious Email Activity
212.32.255.139 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None DE TO-S-2021-1007 Malicious Email Activity
212.32.255.164 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=164,NL)
212.36.192.0 19 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None LB TO-S-2020-0838 Malware Activity
212.36.69.212 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity
212.36.9.245 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BG TO-S-2020-0303 Malicious Email Activity
212.37.105.2 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SE TO-S-2020-0459 Malware Activity
212.37.72.141 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SK Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
212.38.168.185 24 JKC None 2021-08-30 00:00:00 2021-11-28 00:00:00 None HIVE Case #NA AC HUNTER Malicious websites (IP=185,GB)
212.42.118.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KG TO-S-2020-0331 Malicious Web Application Activity
212.42.96.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KG Hive Case 4187 TO-S-2021-0898 Malware Activity
212.44.101.99 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None SI TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
212.46.103.60 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=60,DE)
212.46.238.86 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=86,RU)
212.47.245.155 32 wmp None 2020-09-03 00:00:00 2021-11-03 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=155,FR) | updated by dbc Block expiration extended with reason FR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
212.47.253.20 24 BMP None 2021-05-25 00:00:00 2021-08-23 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=20,FR)
212.48.253.67 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity
212.48.85.212 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None GB TO-S-2020-0805 Malicious Email Activity
212.49.95.0 24 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None KE TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
212.51.128.0 19 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
212.51.144.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CH TO-S-2020-0331 Malicious Web Application Activity
212.52.166.73 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=73,HU)
212.58.208.235 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
212.59.186.61 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None CH TO-S-2020-0459 Malware Activity
212.60.20.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity
212.63.109.142 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
212.64.21.149 24 DT None 2021-04-24 00:00:00 2021-08-13 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=149,CN) | updated by RB Block expiration extended with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=149,CN)
212.64.24.151 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=151,CN)
212.64.57.179 24 RR None 2021-03-06 00:00:00 2021-06-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=179,CN)
212.64.90.129 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=129,CN)
212.64.98.122 24 GM None 2021-02-14 00:00:00 2021-05-14 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=122,CN)
212.69.141.11 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity
212.69.160.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AT Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
212.7.204.175 24 BMP None 2020-10-17 00:00:00 2021-01-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=163,NL)
212.7.208.66 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malicious Email Activity
212.71.130.116 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CZ TO-S-2020-0303 Malicious Email Activity
212.71.232.54 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=54,GB)
212.71.233.179 32 wmp None 2021-03-11 00:00:00 2021-06-11 00:00:00 None ArcSight High Attacker (IP=179,GB)
212.71.234.238 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=238,GB)
212.71.235.242 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None GB TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
212.71.237.140 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None GB TO-S-2021-0876 Hive Case 4166 Malware Activity
212.71.245.55 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=55,GB)
212.71.253.100 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity
212.71.255.214 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
212.72.0.0 19 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None OM TO-S-2020-0805 Malicious Email Activity
212.72.139.205 24 FT None 2021-04-08 00:00:00 2021-07-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=205,GE)
212.73.150.245 32 wmp None 2021-03-02 00:00:00 2021-06-02 00:00:00 None FireEye IPS Nikto Web Vulnerability Scanner (IP=245,CY)
212.73.150.245 24 RB None 2021-03-02 00:00:00 2021-05-31 00:00:00 None Nikto Web Vulnerability Scanner - IPS Events (IP=245,CY)
212.73.159.209 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BG TO-S-2020-0331 Malicious Web Application Activity
212.77.3.192 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None VA TO-S-2020-0315 Malware Activity
212.77.3.219 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None VA TO-S-2020-0315 Malware Activity
212.77.3.228 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None VA TO-S-2020-0315 Malware Activity
212.77.3.234 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None VA TO-S-2020-0315 Malware Activity
212.77.3.65 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None VA TO-S-2020-0315 Malware Activity 212.8.107.29 24 RW None 2020-12-21 00:00:00 2021-03-21 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=29,ES) 212.8.249.34 24 FT None 2021-04-25 00:00:00 2021-07-25 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=34,NL) 212.80.216.172 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 212.82.77.178 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=178,GB) 212.83.140.95 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=95,FR) 212.83.147.143 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity 212.83.149.136 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity 212.83.150.149 24 RW None 2021-01-26 00:00:00 2021-04-26 00:00:00 None SQL injection - web attacks (IP=149,FR) 212.83.150.48 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=48,FR) 212.83.150.48 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=48,FR) HIVE Case #5201 TO-S-21-1209 (IP=48,FR) 212.83.157.49 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 212.83.164.31 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 212.83.172.100 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity 212.83.190.59 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 212.83.8.74 32 wmp None 2021-05-28 00:00:00 
2021-08-28 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=74,RU) 212.83.8.76 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=76,RU) 212.83.8.77 32 wmp None 2021-05-28 00:00:00 2021-08-28 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=77,RU) 212.86.109.31 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malware Activity 212.88.227.235 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None BE TO-S-2020-0493 Malware Activity 212.90.11.34 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity 212.90.148.8 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 212.90.148.8 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 212.90.148.8 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 212.90.160.0 19 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None GB TO-S-2020-0838 Malware Activity 212.91.6.85 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None PL TO-S-2020-0369 Malicious Email Activity 212.93.198.68 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None SA TO-S-2020-0535 Malware Activity 212.93.96.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None LV TO-S-2021-0876 Hive Case 4166 Malware Activity 212.98.170.101 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None BY TO-S-2020-0236 Malicious Email Activity 213.1.208.210 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 213.10.7.176 32 AR None 2021-09-16 00:00:00 2021-12-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01871 (IP=176,US) 213.101.148.245 32 srm None 2021-01-29 00:00:00 2021-04-29 
00:00:00 None Firepower Suspicious Scan Activity (IP=245,LT) 213.105.187.243 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 213.108.14.57 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PL TO-S-2020-0298 Malicious Email Activity 213.108.196.109 24 RB None 2021-04-16 00:00:00 2021-07-15 00:00:00 None Masscan TCP Port Scanner - IPS Events (IP=109,RU) 213.108.196.20 32 wmp None 2021-02-12 00:00:00 2021-05-12 00:00:00 None ArcSight High Attacker (IP=20,RU) 213.108.198.30 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 213.110.0.0 19 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 213.110.206.48 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=48,RU) 213.110.206.48 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None Firepower Suspicious Scan Activity (IP=48,RU) 213.110.224.0 19 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,RU) 213.121.222.147 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None GB Hive Case 4237 TO-S-2021-0910 Malware Activity 213.123.206.197 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=197,GB) 213.123.6.12 24 RR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None SERVER-WEBAPP Terramaster TOS command injection attempt - SourceFire (IP=12,GB) 213.129.112.10 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 213.129.134.205 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CZ TO-S-2020-0298 Malicious Email Activity 213.135.88.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 213.136.68.63 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance 
Activity 213.136.73.44 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 213.136.83.203 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None DE TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 213.136.88.15 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=15,DE) 213.136.88.15 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=15,DE) 213.136.89.137 32 wmp None 2021-05-04 00:00:00 2021-08-04 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=137,DE) 213.136.91.215 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=215,DE) 213.136.91.69 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=69,DE) 213.136.92.223 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 213.136.96.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,CI) 213.139.59.185 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=185,GB) 213.14.10.131 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=131,TR) 213.14.216.0 24 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,TR) 213.14.216.253 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TR Hive Case 4237 TO-S-2021-0910 Malware Activity 213.141.234.3 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None RU TO-S-2020-0535 Malware Activity 213.145.224.0 19 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None AT TO-S-2020-0838 Malicious Email Activity 213.152.161.229 24 FT None 2020-10-24 00:00:00 2021-01-21 
00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6hr Web Attacks (IP=229,GB) 213.152.168.169 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 213.152.173.133 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 213.152.176.185 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None NL TO-S-2020-0838 Malicious Web Application Activity 213.152.176.206 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None NL TO-S-2020-0838 Malicious Web Application Activity 213.152.186.7 24 RT None 2021-06-23 00:00:00 2021-09-21 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire Report (IP=7,NL) 213.155.174.76 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Web Application Activity 213.156.136.92 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=92,US) 213.157.192.0 19 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None GE TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 213.157.47.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KZ TO-S-2020-0298 Malicious Email Activity 213.159.208.0 21 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None RU TO-S-2020-0535 Malware Activity 213.16.63.201 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=201,BG) 213.16.63.201 24 GM None 2020-12-08 00:00:00 2021-03-08 00:00:00 None Masscan TCP Port Scanner - FireEye CMS (IP=201,BG) 213.16.99.82 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=82,HU) 213.162.209.79 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ES Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 213.163.104.10 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=10,AL) 213.163.104.12 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower 
Suspicious Scan Activity (IP=12,AL) 213.163.104.138 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=138,AL) 213.163.104.142 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=142,AL) 213.163.104.160 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=160,AL) 213.163.104.63 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None AL TO-S-2020-0750 Malicious Email Activity 213.163.104.7 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=7,AL) 213.163.104.99 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=99,AL) 213.163.113.100 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=100,AL) 213.163.113.20 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=20,AL) 213.163.113.225 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=225,AL) 213.163.113.23 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=23,AL) 213.163.113.237 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=237,AL) 213.163.113.37 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=37,AL) 213.163.113.46 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=46,undefined) 213.163.113.51 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=51,AL) 213.163.113.72 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=72,AL) 213.163.113.79 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=79,AL) 213.163.114.107 32 srm None 2021-04-14 00:00:00 2021-07-14 
00:00:00 None Firepower Suspicious Scan Activity (IP=107,AL) 213.163.114.158 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=158,AL) 213.163.114.165 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=165,AL) 213.163.114.190 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=190,AL) 213.163.115.1 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=1,AL) 213.163.115.102 32 srm None 2021-04-14 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=102,AL) 213.163.115.11 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=11,AL) 213.163.115.15 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=15,AL) 213.163.115.26 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=26,AL) 213.163.115.42 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=42,AL) 213.163.115.71 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=71,AL) 213.163.115.74 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=74,AL) 213.163.115.77 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=77,AL) 213.163.116.132 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=132,AL) 213.163.116.160 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=160,AL) 213.163.116.163 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=163,AL) 213.163.116.164 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=164,AL) 213.163.116.197 32 srm None 2021-04-17 
00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=197,AL) 213.163.116.203 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=203,AL) 213.163.116.51 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=51,AL) 213.163.116.85 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=85,AL) 213.163.117.48 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=48,AL) 213.163.118.108 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=108,AL) 213.163.118.199 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=199,AL) 213.163.119.15 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=15,AL) 213.163.119.236 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=236,AL) 213.163.119.240 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=240,AL) 213.163.119.34 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=34,AL) 213.163.119.37 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=37,AL) 213.163.119.54 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=54,AL) 213.163.126.104 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=104,AL) 213.163.126.112 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=112,AL) 213.163.126.201 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=201,AL) 213.163.126.60 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=60,AL) 213.163.126.7 32 srm None 
2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=7,AL) 213.163.127.155 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=155,AL) 213.163.127.178 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=178,AL) 213.163.127.204 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=204,AL) 213.163.127.46 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=46,AL) 213.163.64.53 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 213.164.240.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RO TO-S-2020-0331 Malicious Web Application Activity 213.168.248.26 32 wmp None 2021-03-11 00:00:00 2021-06-11 00:00:00 None ArcSight High Attacker (IP=26,GB) 213.168.250.126 32 wmp None 2021-03-11 00:00:00 2021-06-11 00:00:00 None ArcSight High Attacker (IP=126,GB) 213.168.251.57 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malware Activity 213.170.247.209 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ES TO-S-2020-0303 Malicious Email Activity 213.170.247.210 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ES TO-S-2020-0303 Malicious Email Activity 213.171.197.111 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 213.171.210.61 24 RR None 2021-04-23 00:00:00 2021-07-23 00:00:00 None SERVER-OTHER Adobe ColdFusion unauthenticated file upload attempt - Web Attacks (IP=38,GB) 213.174.0.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,UA) 213.175.184.50 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None LB TO-S-2020-0331 Malicious Web Application Activity 213.177.0.0 19 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RO TO-S-2020-0298 Malicious Email 
Activity 213.181.192.70 32 wmp None 2020-08-26 00:00:00 2021-09-29 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=70,HU) | updated by dbc Block expiration extended with reason HU TO-S-2020-0838 Malicious Email Activity 213.182.75.234 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None Hello Peppa Scan - Fireeye IPS (IP=234,IT) 213.183.32.154 24 DT None 2021-04-24 00:00:00 2021-07-24 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=154,RU) 213.186.33.105 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=105,FR) 213.186.33.186 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=186,FR) 213.186.33.186 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None FR TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 213.186.33.19 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=19,FR) 213.187.96.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 213.188.119.206 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Web Application Activity 213.188.253.141 32 RW None 2020-10-10 00:00:00 2021-01-10 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT# 21C00085 (IP=141,US) 213.188.33.151 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Email Activity 213.190.166.70 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 213.190.6.107 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 213.190.6.111 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity 213.190.7.204 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 
(IP=204,US) 213.192.13.15 32 wmp None 2021-02-12 00:00:00 2021-05-12 00:00:00 None Palo Alto JSON Web Service Insecure Deserialization Vuln (IP=15,CZ) 213.192.24.130 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CZ TO-S-2020-0298 Malicious Email Activity 213.193.0.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 213.194.130.58 24 CR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None Masscan TCP Port Scanner - IPS Events (IP=58,ES) 213.196.5.2 24 RR None 2020-10-12 00:00:00 2021-01-12 00:00:00 None PHISHING.URL - Hive Case 4084 (IP=2,NL) 213.198.148.50 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity 213.202.211.81 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 213.202.212.220 32 dbc None 2020-12-08 00:00:00 2021-12-08 00:00:00 None DE TO-S-2021-0982 Malicious Email Activity 213.202.216.43 24 KH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=43,DE) 213.202.217.17 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None DE TO-S-2020-0805 Malware Activity 213.202.218.29 24 RT None 2021-07-16 00:00:00 2021-10-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6HR WebAttack (IP=29,DE) 213.202.230.103 32 DT None 2021-09-11 00:00:00 2021-12-10 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# Paper TT 003 213.202.233.194 24 KD None 2021-09-05 00:00:00 2021-12-04 00:00:00 None Unauthorized Access-Probe- TT# 21C01755 (IP=194,DE) 213.202.233.194 32 wmp None 2021-02-12 00:00:00 2021-05-12 00:00:00 None ArcSight High Attacker (IP=194,DE) 213.202.241.219 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 213.202.96.174 32 dbc None 2020-02-20 00:00:00 
2021-02-20 00:00:00 None HR TO-S-2020-0303 Malicious Email Activity 213.215.82.33 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SK TO-S-2020-0298 Malicious Email Activity 213.219.39.185 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 213.221.32.18 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 213.222.56.130 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BG TO-S-2020-0298 Malicious Email Activity 213.226.140.23 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=23,LV) 213.227.140.20 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None NL TO-S-2021-1007 Malware Activity 213.227.149.92 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None NL TO-S-2020-0369 Malicious Email Activity 213.227.154.248 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 213.227.249.236 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity 213.228.158.14 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=14,PT) 213.230.112.35 24 BMP None 2021-05-10 00:00:00 2021-08-08 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=35,UZ) 213.236.59.66 32 wmp None 2021-04-15 00:00:00 2021-07-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=66,SA) 213.236.59.67 32 wmp None 2021-06-29 00:00:00 2021-09-29 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=67,SA) 213.237.86.85 24 ZH None 2021-08-29 00:00:00 2021-11-27 00:00:00 None Adobe ColdFusion Administrator Access Restriction 6hr Web Attack (IP=85,DK) 213.237.90.53 24 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SQL injection - Web Attacks (IP=53,DK) 213.239.204.60 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case 
#5201 TO-S-21-1209 (IP=60,DE) 213.239.210.106 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None DE TO-S-2020-0698 Malware Activity 213.241.25.53 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Email Activity 213.246.19.158 24 KH None 2021-09-11 00:00:00 2021-12-10 00:00:00 None SERVER-WEBAPP Fortinet FortiOS SSL VPN web portal directory traversal attempt (1:51370:1) - Sourcefire (IP=158,YE) 213.25.135.254 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 213.251.182.103 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 213.251.58.122 24 WR None 2021-05-25 00:00:00 2021-08-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote 213.252.247.18 32 NAB None 2021-05-11 00:00:00 2021-11-11 00:00:00 None HIVE Case #5422 DARKSIDE Ransomware (IP=18,LT) 213.32.10.111 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Email Activity 213.32.17.196 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity 213.32.20.107 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity 213.32.252.204 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=204,IQ) 213.32.37.233 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None FR TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 213.32.47.9 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity 213.32.63.123 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None PT TO-S-2020-0459 Malware Activity 213.34.163.254 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None ArcSight ESM High Attacker (IP=254,NL) 213.34.171.254 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None ArcSight ESM High Attacker (IP=254,NL) 213.48.251.171 32 dbc 
None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 213.49.196.15 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=15,BE) 213.55.100.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ET Hive Case 4187 TO-S-2021-0898 Malware Activity 213.55.77.138 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=138,ET) 213.55.77.143 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=143,ET) 213.55.90.51 24 EE None 2021-02-11 00:00:00 2021-05-11 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - 6 HR Web Attacks (IP=51,ET) 213.55.96.151 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 213.55.96.4 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ET TO-S-2020-0298 Malicious Email Activity 213.57.32.34 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=34,IL) 213.59.119.138 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity 213.60.96.117 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malware Activity 213.73.132.77 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None NL TO-S-2020-0303 Malicious Email Activity 213.73.205.45 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 213.74.101.65 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None TR TO-S-2020-0805 Malicious Web Application Activity 213.74.139.196 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None TR TO-S-2020-0805 Malicious Web Application Activity 213.80.102.114 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=114,SE) 213.81.189.125 32 dbc None 2020-02-20 00:00:00 
2021-02-20 00:00:00 None SK TO-S-2020-0303 Malicious Email Activity 213.81.189.73 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SK TO-S-2020-0298 Malicious Email Activity 213.87.87.173 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=173,RU) 213.91.165.130 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BG TO-S-2020-0298 Malicious Email Activity 213.91.237.104 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 213.92.147.49 24 DT None 2021-02-04 00:00:00 2021-05-04 00:00:00 None SQL injection - 6hr Web Attacks (IP=49,PL) 213.92.254.52 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=52,PL) 213.95.130.249 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None DE TO-S-2020-0369 Malicious Email Activity 213.95.167.143 24 RR None 2021-06-20 00:00:00 2021-09-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=143,DE) 213.96.40.9 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ES TO-S-2020-0303 Malicious Email Activity 214.24.26.226 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None FILE-FLASH Action InitArray stack overflow attempt (IP=226,US) 214.48.244.143 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 216.10.217.81 24 ZH None 2021-07-12 00:00:00 2021-10-10 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=81,JM) 216.104.188.251 32 wmp None 2020-09-16 00:00:00 2021-10-29 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=251,US) | updated by wmp Block expiration extended with reason HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=251,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2020-08 216.105.90.250 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None CA TO-S-2020-0369 
Attempt - FireEye CMS (IP=209,CN) 219.155.31.67 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=67,CN) 219.155.97.20 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=20,CN) 219.156.67.189 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=189,CN) 219.157.132.67 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=67,CN) 219.157.139.165 24 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepwer Suspicious Scan Activity (IP=165,CN) 219.157.150.91 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=91,CN) 219.157.170.222 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=222,CN) 219.157.178.235 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=235,CN) 219.157.215.139 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=139,CN) 219.157.243.106 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=106,CN) 219.157.248.18 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=18,CN) 219.157.26.39 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=39,CN) 219.157.64.9 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=9,CN) 219.232.114.126 24 RB None 2021-04-06 00:00:00 2021-07-06 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=126,CN) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=126,CN) 219.232.6.170 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code 
execution attempt (1:45749:2) - SourceFire (IP=170,CN) 219.237.82.193 24 DT None 2021-08-26 00:00:00 2021-11-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=193,CN) 219.238.244.203 24 RW None 2020-12-27 00:00:00 2021-03-27 00:00:00 None Hello Peppa Scan - Fireeye IPS (IP=203,CN) 219.239.21.79 24 RB None 2020-10-19 00:00:00 2021-01-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=79,CN) 219.241.6.180 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=180,KR) 219.65.48.0 21 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IN TO-S-2021-0876 Hive Case 4166 Malware Activity 219.80.160.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 219.84.106.91 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=91,TW) 219.85.145.194 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=194,TW) 219.85.32.0 19 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None TW TO-S-2020-0750 Malicious Email Activity 219.85.63.139 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TW TO-S-2020-0298 Malicious Email Activity 219.91.158.218 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity 219.91.207.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 219.91.213.105 32 BMP None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT# 21C00560 (IP=105,IN) 219.91.232.58 24 RR None 2021-02-03 00:00:00 2021-05-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logon (IP=58,IN) 219.91.237.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 
219.92.13.25 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None MY TO-S-2021-0876 Hive Case 4166 Malware Activity 219.92.59.49 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MY TO-S-2020-0298 Malicious Email Activity 219.92.8.17 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None MY TO-S-2021-0876 Hive Case 4166 Malware Activity 219.92.8.20 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None MY TO-S-2020-0303 Malicious Email Activity 219.93.108.197 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None MY TO-S-2020-0303 Malicious Email Activity 219.93.121.22 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=22,MY) 219.99.169.49 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None JP TO-S-2020-0459 Malware Activity 22.133.244.245 32 TLM None 2021-09-24 00:00:00 2021-09-24 00:00:00 None HIVE Case #6237 CTO 21-266 (IP=245,US) | IP did not get blocked - wpcigrtr2#sh ip access-list EXTERNAL-IN-0622 220.100.64.106 24 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=106,JP) 220.110.176.139 24 BMP None 2021-07-04 00:00:00 2021-10-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=139,JP) 220.118.168.155 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=155,KR) 220.120.15.27 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=27,KR) 220.122.253.188 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=188,KR) 220.123.177.160 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=160,KR) 220.123.207.185 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malware Activity 220.124.239.208 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity 
(IP=208,KR) 220.125.119.207 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=207,KR) 220.125.223.105 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan Activity (IP=105,KR) 220.126.0.111 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None KR TO-S-2020-0592 Malware Activity 220.126.112.229 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=229,KR) 220.132.247.7 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=7,TW) 220.133.204.94 24 BMP None 2020-11-06 00:00:00 2021-02-05 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - 6hr Web Attacks (IP=94,TW) 220.133.205.133 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=133,TW) 220.133.53.34 24 FT None 2020-11-04 00:00:00 2021-02-04 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - 6hr Web Attacks (IP=34,TW) 220.134.146.95 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None Repeated command execution attempts - multiple reports (IP=95,TW) 220.135.21.33 24 GM None 2020-12-27 00:00:00 2021-03-27 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=33,TW) 220.135.237.252 24 RR None 2020-11-25 00:00:00 2021-02-23 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Web Attacks (IP=252,TW) 220.135.61.168 24 RW None 2020-10-30 00:00:00 2021-01-30 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Sourcefire (IP=168,TW) 220.141.103.100 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 220.144.138.107 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None JP Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 220.148.158.132 24 RB None 2021-02-07 00:00:00 2021-05-08 00:00:00 None HTTP: Detect PHP-CGI Remote code 
Execution vulnerability - 6hr web Attacks (IP=132,JP) 220.158.200.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,MY) 220.173.160.185 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=185,CN) 220.174.25.172 32 BMP None 2021-07-15 00:00:00 2021-10-13 00:00:00 None Attempted Access - Inbound Brute Force - TT# Paper ticket (1) (IP=172,CN) 220.178.115.202 32 BMP None 2020-10-11 00:00:00 2021-01-11 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00102 (IP=202,CN) 220.202.12.149 24 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=149,CN) 220.231.112.0 22 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None VN TO-S-2021-0989 Hive Case # 4493 Malware Activity 220.233.114.66 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=66,AU) 220.233.56.131 24 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=131,BR) 220.238.220.85 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 220.241.46.225 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=225,HK) 220.244.75.3 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AU TO-S-2020-0331 Malicious Web Application Activity 220.247.174.162 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=162,ID) 220.249.112.170 24 RB None 2020-11-26 00:00:00 2021-02-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=170,CN) 220.254.198.228 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None JP TO-S-2021-0876 Hive Case 4166 Malware Activity 220.71.140.168 32 srm 
None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=168,KR) 220.71.239.115 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=115,KR) 220.72.87.151 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=151,KR) 220.81.118.211 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=211,KR) 220.85.155.210 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=210,KR) 220.87.77.126 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=126,KR) 220.90.159.35 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=35,KR) 220.94.230.72 24 RW None 2020-12-09 00:00:00 2021-03-09 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 12 hour ET Scans (IP=72,KR) 220.95.42.60 24 RT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6HR Web Attack (IP=60,KR) 221.10.118.134 24 DT None 2020-12-29 00:00:00 2021-03-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=134,CN) 221.10.66.195 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=195,CN) 221.122.93.139 24 BB None 2021-08-17 00:00:00 2021-11-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=139,CN) 221.122.93.227 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=227,CN) 221.13.250.64 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=64,CN) 221.131.165.87 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None ArcSight ESM High Attacker (IP=87,CN) 221.135.97.211 32 srm None 2021-01-29 
00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=211,IN) 221.15.170.90 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=90,CN) 221.15.226.92 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=92,CN) 221.15.252.166 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=166,CN) 221.15.7.240 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=240,CN) 221.150.116.43 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=43,KR) 221.150.127.106 32 NAB None 2021-05-04 00:00:00 2021-11-04 00:00:00 None HIVE Case #5344 TO-S-21-1245 (IP=106,KR) 221.153.164.8 32 KH None 2021-09-12 00:00:00 2021-12-11 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01829 (IP=8,KR) 221.157.35.51 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=51,KR) 221.160.115.22 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=22,KR) 221.166.237.100 24 GM None 2020-12-08 00:00:00 2021-03-08 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=100,KR) 221.192.230.70 24 BMP None 2021-05-25 00:00:00 2021-08-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=70,CN) 221.195.31.210 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=210,CN) 221.202.122.253 24 KH None 2021-09-04 00:00:00 2021-12-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=253,CN) 221.203.145.45 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=45,CN) 221.203.84.68 24 GM None 2021-01-30 00:00:00 2021-04-30 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=68,CN) 221.208.254.9 24 WR None 2021-06-27 
00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - SourceFire (IP=9,CN) 221.214.133.93 24 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) -SourceFire (IP=93,CN) 221.214.211.79 24 RR None 2021-06-19 00:00:00 2021-09-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=79,CN) 221.214.254.224 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=224,CN) 221.215.116.167 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=167,CN) 221.215.184.31 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=31,CN) 221.215.207.161 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=161,CN) 221.215.231.148 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=148,CN) 221.215.8.64 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=64,CN) 221.220.129.228 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=228,CN) 221.224.28.51 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=51,CN) 221.226.21.180 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=180,CN) 221.226.21.182 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=182,CN) 221.226.25.90 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=90,CN) 221.232.1.82 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan 
Activity (IP=82,CN) 221.235.74.235 32 srm None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Firepower Suspicious Scan Activity (IP=235,CN) 221.235.75.186 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=186,CN) 221.237.143.142 24 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attack (IP=142,CN) 221.237.30.194 24 GM None 2020-12-19 00:00:00 2021-03-19 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=194,CN) 221.3.21.3 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=3,CN) 221.3.32.88 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=88,CN) 221.3.68.16 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=16,CN) 221.3.77.21 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=21,CN) 221.4.133.52 32 RW None 2020-10-17 00:00:00 2021-01-17 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00137 (IP=52,CN) 221.4.211.230 24 RR None 2021-03-02 00:00:00 2021-05-31 00:00:00 None SSH2 Failed Login Attempt - Failed Logons (IP=230,CN) 221.5.62.137 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt - 221.6.109.74 24 RB None 2020-11-02 00:00:00 2021-01-31 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=74,CN) 221.6.27.46 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=46,CN) 222.101.161.15 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=15,KR) 222.102.125.183 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=183,KR) 222.102.4.25 24 RW None 2021-03-25 00:00:00 2021-06-25 
00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=25,KR) 222.104.247.109 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=109,KR) 222.108.213.43 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=43,KR) 222.110.59.204 24 AR None 2021-08-21 00:00:00 2021-11-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6Hr Web Attack (IP=204,KR) 222.112.116.171 24 RW None 2021-06-29 00:00:00 2021-09-27 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr failed logons (IP=171,KR) 222.112.167.189 24 WR None 2021-07-26 00:00:00 2021-10-24 00:00:00 None Self-report - URL variable string manipulation including SQL - TT# 21C01480 (IP=189,KR) 222.113.252.68 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=68,KR) 222.114.128.213 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=213,KR) 222.120.62.20 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=20,KR) 222.124.122.216 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=216,ID) 222.124.124.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None ID Hive Case 4237 TO-S-2021-0910 Malware Activity 222.124.129.170 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 222.124.176.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 222.127.137.130 24 RR None 2021-04-01 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=130,PH) | updated by BMP Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - 
SourceFire (IP=130,PH) 222.128.14.120 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=26,CN) 222.133.105.87 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=87,CN) 222.133.27.94 24 FT None 2021-03-03 00:00:00 2021-06-02 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=94,CN) 222.133.66.210 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=210,CN) 222.133.69.109 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=109,CN) 222.134.31.199 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=199,CN) 222.135.135.94 24 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepwer Suspicious Scan Activity (IP=94,CN) 222.136.167.201 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=201,CN) 222.136.53.227 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=227,CN) 222.137.1.252 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=252,CN) 222.137.122.105 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=105,CN) 222.137.123.82 24 SW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks(IP=82,CN) 222.137.156.205 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=205,CN) 222.137.162.235 24 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=235,CN) 222.137.163.49 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=49,CN) 222.137.172.180 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 
TO-S-21-1209 (IP=180,CN) 222.137.23.51 24 BB None 2021-07-13 00:00:00 2021-10-11 00:00:00 None SERVER-WEBAPP GPON Routerauthentication bypass and command injection attempt - Web Attacks (IP=51,CN) 222.137.235.113 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=113,CN) 222.137.52.94 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=94,CN) 222.138.137.195 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=195,CN) 222.138.150.111 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=111,CN) 222.138.98.136 24 GM None 2020-12-03 00:00:00 2021-03-03 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=136,CN) 222.139.120.175 24 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=175,CN) 222.139.126.95 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt 222.139.155.70 24 EE None 2021-02-07 00:00:00 2021-05-08 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6 HR Web Attacks (IP=70,CN) 222.139.192.165 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=165,CN) 222.139.229.106 24 BB None 2021-09-10 00:00:00 2021-12-09 00:00:00 None Malicious.LIVE.DTI.URL - CMS (IP=106,CN) 222.141.13.170 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks(IP=170, CN) 222.141.164.51 32 wmp None 2021-04-20 00:00:00 2021-07-20 00:00:00 None Palo Alto Suspicious Scan Activity (IP=51,CN) 222.141.47.193 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=193,CN) 222.141.60.208 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=208,CN) 222.142.211.200 32 
srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=200,CN) 222.153.157.5 24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=5,NZ) 222.161.199.180 24 GM None 2020-10-24 00:00:00 2021-01-24 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=180,CN) 222.165.199.18 24 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=18,ID) 222.165.212.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=0,ID) 222.165.247.149 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 222.168.30.19 24 DT None 2021-07-12 00:00:00 2021-10-10 00:00:00 None SSH2 Failed Login Attempt - 6 hr Failed Logons (IP=19,CN) 222.173.140.158 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=158,CN) 222.173.244.202 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=202,CN) 222.173.81.62 24 BMP None 2021-03-08 00:00:00 2021-06-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=62,CN) 222.174.167.82 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=82,CN) 222.175.164.66 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=66,CN) 222.179.215.189 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=189,CN) 222.179.236.254 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=254,CN) 222.186.136.150 24 RB None 2021-02-17 00:00:00 2021-05-16 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode - Sourcefire (IP=150,CN) 222.186.19.235 24 RW None 2021-07-05 00:00:00 
2021-10-03 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) (1:21002457:1) - Sourcefire (IP=235,CN) 222.186.19.235 32 BB None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - SourceFire (IP=235,US) 222.187.238.57 24 RB None 2020-12-07 00:00:00 2021-03-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=57,CN) 222.187.33.218 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=218,CN) 222.187.33.218 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=218,CN) 222.187.9.178 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=178,CN) 222.209.208.234 24 GM None 2020-10-29 00:00:00 2021-01-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=234,CN) 222.210.93.208 24 RB None 2021-03-24 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attack (IP=208,KR) | updated by RW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=208,CN) SERVER-WEBAPP PHPUnit PHP remote 222.210.93.208 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attack (IP=208,KR) | updated by RW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=208,CN) SERVER-WEBAPP PHPUnit PHP remote 222.214.204.210 24 DT None 2020-12-29 00:00:00 2021-03-29 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=2,CN) 222.217.61.102 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=102,CN) 222.219.140.63 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS 
Getshell Vulnerability - Web Attacks (IP=63,CN)
222.219.73.41 24 SW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=41,CN)
222.223.158.102 24 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=102,CN)
222.223.231.140 24 AR None 2021-07-18 00:00:00 2021-10-16 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=140,CN)
222.228.142.20 24 ZH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None TO-S-2021-1497 / Pulse Rpt 175393-21 - TT# 21C01623 (IP=20,JP)
222.234.38.111 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=111,KR)
222.24.63.58 24 RB None 2021-04-27 00:00:00 2021-07-26 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=58,CN)
222.240.123.241 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=241,CN)
222.243.14.67 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=67,CN)
222.244.165.175 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=175,CN)
222.244.166.14 24 GM None 2020-10-08 00:00:00 2021-01-08 00:00:00 None Generic URI Injection wget Attempt - FE CMS/IPS alerts (IP=14,CN)
222.244.233.143 24 GM None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=143,CN)
222.247.106.215 24 GM None 2020-11-20 00:00:00 2021-02-20 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=215,CN)
222.247.123.57 24 GM None 2020-12-19 00:00:00 2021-03-19 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=57,CN)
222.247.156.254 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=254,CN)
222.247.172.134 24 GM None 2021-01-12 00:00:00 2021-04-12 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=134,CN)
222.247.173.244 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=244,CN)
222.247.7.86 32 srm None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Firepower Suspicious Scan Activity (IP=86,CN)
222.249.171.73 24 BMP None 2021-03-16 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6hr Web Attacks (IP=73,CN) | updated by RB Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=73,CN) | updated by
222.252.23.173 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
222.252.31.73 24 RR None 2021-05-28 00:00:00 2021-08-26 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=73,VN)
222.252.6.226 24 DT None 2021-02-02 00:00:00 2021-05-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=226,VN)
222.254.53.36 24 DT None 2021-09-06 00:00:00 2021-12-05 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=36,VN)
222.254.64.0 20 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,VN)
222.255.236.87 24 RB None 2021-03-05 00:00:00 2021-06-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=87,VN)
222.255.236.87 24 GM None 2021-03-04 00:00:00 2021-06-05 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=87,VN)
222.255.237.222 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=222,VN)
222.255.237.222 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=222,VN)
222.255.88.217 24 ZH None 2021-08-26 00:00:00 2021-11-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=217,VN)
222.75.160.222 24 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=222,CN)
222.78.57.63 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=63,CN)
222.92.130.206 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=206,CN)
222.92.153.21 24 DT None 2021-09-12 00:00:00 2021-12-11 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (1:46316:5) - Source Fire (IP=21,CN)
222.92.9.126 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=126,CN)
222.93.126.63 24 FT None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=63,CN)
222.93.33.104 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt -
222.93.33.104 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=104,CN)
222.96.116.190 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=190,KR)
222.96.171.62 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malicious Web Application Activity
222.97.15.209 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=209,KR)
222.98.171.132 24 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=132,KR)
222.99.189.240 24 AR None 2021-07-11 00:00:00 2021-10-09 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6 Hr Web Attack (IP=240,KR)
223.100.12.52 24 DT None 2021-01-02 00:00:00 2021-04-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr Web attacks (IP=52,CN)
223.100.12.52 24 DT None 2021-01-02 00:00:00 2021-04-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - 6hr Web attacks (IP=52,CN)
223.112.141.154 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=154,CN)
223.112.190.70 24 CR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None ZmEu phpMyAdmin Vulnerability Scanner - IPS Events (IP=70,CN)
223.113.206.12 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=12,CN)
223.13.87.209 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=209,CN)
223.130.30.34 24 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=34,IN)
223.149.206.127 24 GM None 2020-11-12 00:00:00 2021-02-12 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=127,CN)
223.149.233.27 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=27,CN)
223.152.17.60 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=60,CN)
223.152.203.237 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=237,CN)
223.155.155.125 24 GM None 2021-01-30 00:00:00 2021-04-30 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=125,CN)
223.155.37.40 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=40,CN)
223.155.98.206 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - Web Attacks (IP=206,CN)
223.166.117.210 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=210,CN)
223.167.118.17 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=17,CN)
223.17.160.142 24 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=142,HK)
223.181.98.220 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Email Activity
223.182.254.99 24 WR None 2021-06-09 00:00:00 2021-09-07 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script - TT# 21C01233 (IP=99, IN)
223.182.35.121 24 JKC None 2020-04-13 00:00:00 2021-04-13 00:00:00 None CTR-20-0629 MALWARE CAMPAIGN HIVE CASE #2512 (IP=121, IN)
223.182.35.121 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None IN TO-S-2020-0601 Malware Activity
223.186.183.101 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Email Activity
223.187.187.124 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity
223.189.89.140 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity
223.191.1.61 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity
223.196.85.235 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity
223.204.227.248 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TH Hive Case 4237 TO-S-2021-0910 Malware Activity
223.204.248.213 24 RR None 2021-07-27 00:00:00 2021-10-25 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=213,TH)
223.205.222.192 24 RW None 2021-01-04 00:00:00 2021-04-04 00:00:00 None Authentication Failure - 6 hr failed logons (IP=192,TH)
223.205.247.132 24 BMP None 2021-03-18 00:00:00 2021-06-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=132,TH)
223.206.232.6 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=6,TH)
223.206.233.68 24 ZH None 2021-07-04 00:00:00 2021-10-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire Rpt (IP=68,TH)
223.206.245.62 24 EE None 2021-02-07 00:00:00 2021-05-08 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=62,TH)
223.206.247.122 24 EE None 2021-01-26 00:00:00 2021-04-26 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 HR Failed Logons (IP=122,TH)
223.207.234.146 24 RB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None FTP Login Failed 6hr failed logon (IP=146,TH)
223.207.242.175 24 BB None 2021-08-10 00:00:00 2021-11-08 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=175,TH)
223.207.248.13 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None TH TO-S-2020-0750 Malicious Email Activity
223.212.211.103 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=103,CN)
223.212.222.75 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=75,CN)
223.212.225.68 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=68,CN)
223.212.234.84 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=84,CN)
223.212.5.29 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=29,CN)
223.212.73.175 32 wmp None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Firepower Suspicious Scan Activity (IP=175,CN)
223.214.194.141 32 srm None 2021-03-30 00:00:00 2021-06-30 00:00:00 None Firepower Suspicious Scan Activity (IP=141,CN)
223.215.160.131 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=131,CN)
223.221.37.186 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=186,CN)
223.223.191.13 24 AR None 2021-08-22 00:00:00 2021-11-20 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - ABC Report (IP=13,CN)
223.225.12.0 22 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,IN)
223.236.125.103 24 DT None 2021-09-06 00:00:00 2021-12-05 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=103,IN)
223.236.62.136 24 CR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=136,ID)
223.238.198.68 24 UA None 2021-05-18 00:00:00 2021-08-16 00:00:00 None FTP Login Failed - 6 hr failed logon (IP=68,IN)
223.240.83.151 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=151,CN)
223.247.149.130 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=130,CN)
223.247.193.149 24 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=149,CN)
223.247.204.205 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=205,CN)
223.255.185.90 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HK TO-S-2020-0331 Malicious Web Application Activity
223.29.198.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,IN)
223.31.219.46 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=46,IN)
223.38.87.254 32 CR None 2021-07-09 00:00:00 2021-10-07 00:00:00 None High Attacker Suspicious Scan Activity - ArcSight ESM (IP=254,KR)
223.68.172.59 24 BMP None 2021-01-19 00:00:00 2021-04-19 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=59,CN)
223.70.120.83 24 EE None 2021-03-03 00:00:00 2021-06-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=83,CN) | updated by RR Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=83,CN)
223.71.167.165 24 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=165,CN)
223.71.43.214 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=214,CN)
23.100.123.225 32 BB None 2021-08-19 00:00:00 2021-11-17 00:00:00 None Command Injection - ABC (IP=225,US)
23.102.153.203 32 BMP None 2021-06-02 00:00:00 2021-08-31 00:00:00 None SQL injection - 6hr Web Attacks (IP=203,US)
23.102.174.175 32 DT None 2021-08-26 00:00:00 2021-11-24 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt (1:56138:3) - Source Fire (IP=94,US)
23.102.178.43 32 ZH None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=43,US)
23.105.110.211 32 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SQL injection - Web Attacks (IP=211,US)
23.105.244.4 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0322 Malware Activity
23.105.245.5 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0322 Malware Activity
23.106.122.146 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
23.106.123.27 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SG TO-S-2020-0298 Malicious Email Activity
23.106.123.57 24 EE None 2021-08-18 00:00:00 2021-11-15 00:00:00 None HIVE Case #5918 IOC_LOKIBOT (IP=57,SG)
23.106.160.32 32 wmp None 2020-08-20 00:00:00 2021-11-23 00:00:00 None HIVE Case #3630 CTO-20-231 (IP=32,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=32,US) | updated by AR Block expiration extended with reason TO-S-2021-1286 - TO-S-2021-1286 (IP=32,US)
23.111.134.163 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity
23.111.136.190 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity
23.111.137.154 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=154,US)
23.111.143.138 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Email Activity
23.111.153.14 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
23.111.165.154 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
23.111.169.242 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
23.111.188.5 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=5,US)
23.129.64.153 32 RW None 2019-08-17 00:00:00 2021-02-14 00:00:00 None Authentication Failed - 6hr failed logon (IP=153,US) | updated by dbc Block was inactive. Reactivated on 20200214 with reason US TO-S-2020-0298 Malware Activity
23.129.64.165 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
23.129.64.165 32 RB None 2019-08-17 00:00:00 2021-04-23 00:00:00 None Authentication Failed_6 hr Failed Logons (IP=165,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity
23.129.64.187 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity
23.129.64.201 32 EE None 2021-03-10 00:00:00 2021-06-08 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00666 (IP=201,US)
23.129.64.202 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00631 (IP=202,US)
23.129.64.203 32 RR None 2019-10-12 00:00:00 2021-04-23 00:00:00 None Possible SQLi attempt - TT# 20C00390 (IP=203,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity
23.129.64.204 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00596 (IP=204,US)
23.129.64.205 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00685 (IP=205,US)
23.129.64.208 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None Authentication Failed - 6 hr failed logons (IP=208,US) | updated by RR Block was inactive. Reactivated on 20210309 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00590 (IP=208,US) HTTP: Microsoft SharePoint XSS in Sc
23.129.64.208 32 RW None 2019-08-25 00:00:00 2021-06-07 00:00:00 None Authentication Failed - 6 hr failed logons (IP=208,US) | updated by RR Block was inactive. Reactivated on 20210309 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00590 (IP=208,US) HTTP: Microsoft SharePoint XSS in Sc
23.129.64.220 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00591 (IP=220,US)
23.129.64.221 32 EE None 2021-03-10 00:00:00 2021-06-08 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00666 (IP=221,US)
23.129.64.222 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00629 (IP=222,US)
23.129.64.224 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00573 (IP=224,US)
23.129.64.225 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=225,US)
23.129.64.226 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=226,US)
23.129.64.229 32 EE None 2021-03-10 00:00:00 2021-06-08 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00666 (IP=229,US)
23.129.64.232 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=232,US)
23.129.64.233 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00694 (IP=233,US)
23.129.64.235 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00690 (IP=235,US)
23.129.64.241 32 NAB None 2021-05-04 00:00:00 2021-11-04 00:00:00 None HIVE Case #5344 TO-S-21-1245 (IP=241,US)
23.129.64.253 32 EE None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00662 (IP=253,US)
23.132.16.1 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=1,US)
23.139.192.160 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=160,US)
23.148.145.22 32 wmp None 2021-06-29 00:00:00 2021-09-29 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=22,US)
23.148.145.4 24 RR None 2020-12-30 00:00:00 2021-03-31 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - SourceFire (IP=4,EU) | updated by BMP Block expiration extended with reason Attempted Information Leak - SourceFire (IP=4,EU)
23.152.0.232 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
23.160.192.57 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity
23.19.227.117 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Web Application Activity
23.198.110.139 32 RT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data (1:38619:5) - SOURCEFIRE REPORT (IP=139,US)
23.199.4.46 32 RT None 2021-09-14 00:00:00 2021-12-13 00:00:00 None INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data - Sourcefire Report (IP=46,US)
23.20.115.169 32 RT None 2021-09-19 00:00:00 2021-12-18 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=169,US)
23.20.71.24 32 ZH None 2021-08-26 00:00:00 2021-11-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=24,US)
23.21.201.153 32 GM None 2020-10-02 00:00:00 2021-01-02 00:00:00 None HTTP: Oracle GlassFish Server ThemeServlet Directory Traversal - TT # 21C00010 (IP=153,US)
23.215.180.26 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
23.22.236.249 32 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=249,US)
23.22.35.162 32 JKC None 2021-08-24 00:00:00 2021-11-22 00:00:00 None HIVE Case #NA imperva (IP=162,US)
23.224.135.235 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
23.224.151.242 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
23.225.121.193 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity
23.225.177.246 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity
23.225.177.3 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity
23.225.205.33 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity
23.225.205.58 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity
23.225.205.88 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity
23.226.128.146 32 BMP None 2021-02-16 00:00:00 2021-05-15 00:00:00 None SERVER-WEBAPP Oracle Glassfish unauthenticated directory traversal attempt - 6hr Web Attacks (IP=146,US)
23.227.133.50 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
23.227.196.116 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None US TO-S-2020-0236 Malware Activity
23.227.206.136 32 EE None 2021-08-18 00:00:00 2021-11-15 00:00:00 None HIVE Case #5918 IOC_LOKIBOT (IP=136,US)
23.227.38.64 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None CA TO-S-2020-0698 Malware Activity
23.229.135.199 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity
23.229.175.71 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
23.229.209.4 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
23.229.214.33 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity
23.229.216.1 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
23.229.220.72 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity
23.229.231.102 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
23.229.235.199 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
23.229.238.73 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity
23.229.242.195 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity
23.229.249.132 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
23.234.202.120 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
23.234.205.60 32 wmp None 2020-09-22 00:00:00 2021-10-21 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=60,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
23.234.234.50 32 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=50,US)
23.235.192.117 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=117,US)
23.235.192.168 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=168,US)
23.235.200.201 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
23.235.204.82 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=82,US)
23.235.205.124 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
23.235.206.249 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=249,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=249,US)
23.235.206.252 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
23.235.207.117 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
23.235.207.243 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
23.235.207.6 32 wmp None 2020-09-03 00:00:00 2021-10-21 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=6,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
23.235.209.95 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=95,US)
23.235.214.102 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity
23.235.215.147 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
23.235.218.3 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
23.235.219.107 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
23.235.220.179 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
23.235.220.70 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=70,US)
23.235.220.81 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
23.236.0.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BB TO-S-2020-0298 Malicious Email Activity
23.239.11.113 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
23.239.13.174 32 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Web Attacks (IP=174,US)
23.239.17.72 32 DT None 2021-01-07 00:00:00 2021-04-07 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Events (IP=72,US)
23.239.20.0 24 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None HK TO-S-2020-0228 Malicious Email Activity
23.239.25.190 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity
23.239.31.173 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=173,US)
23.239.4.169 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malware Activity
23.246.195.194 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=194,US)
23.247.102.108 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
23.247.102.33 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
23.247.33.39 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity
23.248.141.187 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CA TO-S-2020-0331 Malicious Web Application Activity
23.248.167.10 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
23.248.234.35 32 GM None 2021-01-03 00:00:00 2021-04-03 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=35,US)
23.249.16.10 24 RB None 2021-01-10 00:00:00 2021-04-10 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=10,HK)
23.249.22.29 24 KH None 2021-09-11 00:00:00 2021-12-10 00:00:00 None POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Sourcefire (IP=29,JP)
23.250.72.136 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
23.250.99.150 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
23.251.102.74 32 CR None 2021-05-30 00:00:00 2021-11-08 00:00:00 None HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - 21C01238 (IP=74,US) | updated by RW Block expiration extended with reason Suspicious Telerik UI Request - FE IPS (IP=74,US)
23.251.45.232 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=232,US)
23.252.115.20 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
23.254.118.30 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
23.254.161.103 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=103,US)
23.254.201.118 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity
23.254.202.154 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity
23.254.202.86 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
23.254.239.142 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=142,US)
23.254.243.254 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=254,US)
23.254.253.87 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=87,US)
23.27.117.106 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity
23.27.44.40 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
23.29.122.171 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
23.29.122.187 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
23.29.122.203 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
23.63.253.11 32 NAB None 2021-01-22 00:00:00 2021-04-22 00:00:00 None HIVE Case #NA FP CIO Policy (IP=11,US)
23.81.246.179 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None US TO-S-2020-0236 Malware Activity
23.82.12.30 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
23.82.12.31 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
23.83.130.19 32 KH None 2021-06-29 00:00:00 2021-09-27 00:00:00 None SQL injection - 6hr web attacks (IP=19,US)
23.83.132.144 32 AR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None SQL injection - 6 Hr Web Attack (IP=144,US)
23.84.69.39 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=39,US)
23.90.145.38 24 EE None 2021-01-20 00:00:00 2021-04-20 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=38,DE)
23.90.160.146 24 KH None 2021-07-22 00:00:00 2021-10-20 00:00:00 None SSLv2 Client Hello Request Detected - FE IPS (IP=146,NL)
23.91.70.59 32 RR None 2017-04-10 05:00:00 2021-04-23 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt (IP=59,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity
23.91.70.78 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
23.91.70.96 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
23.91.71.214 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
23.91.71.247 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity
23.92.118.125 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
23.92.19.89 32 BMP None 2021-02-02 00:00:00 2021-05-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=89,US)
23.92.20.10 32 AR None 2021-08-28 00:00:00 2021-11-26 00:00:00 None UDS-ColdFusion_logintowizard_RC7261 TT# 21C01634 (IP=10,US)
23.92.20.131 32 AR None 2021-08-28 00:00:00 2021-11-26 00:00:00 None UDS-ColdFusion_logintowizard_RC7261 TT# 21C01633 (IP=131,US)
23.92.25.117 32 UA None 2021-09-27 00:00:00 2021-12-26 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C01973 (IP=117,US)
23.92.25.52 32 DT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C01971 (IP=52,US)
23.92.25.55 32 DT None 2021-09-27 00:00:00 2021-12-26 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C01970 (IP=55, US)
23.92.25.95 32 AR None 2021-09-28 00:00:00 2021-12-27 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6Hr Web Attacks (IP=95,US)
23.94.104.106 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity
23.94.150.194 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=194,GB)
23.94.186.102 32 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=102,US)
23.94.225.7 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=7,US)
23.94.30.178 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity
23.94.36.203 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
23.94.99.125 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity
23.95.100.194 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity
23.95.103.140 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity
23.95.103.201 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
23.95.122.53 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=53,US)
23.95.122.95 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
23.95.18.84 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity
23.95.206.173 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
23.95.206.186 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious
Email Activity 23.95.206.187 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 23.95.217.153 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=153,US) 23.95.217.2 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=2,US) 23.95.227.11 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=11,US) 23.95.227.159 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 23.95.236.168 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 23.95.6.50 32 GM None 2021-01-05 00:00:00 2021-04-05 00:00:00 None Unauthorized Access-Probe \ UDP: Host Sweep - TT # 21C00382 (IP=50,US) 23.95.85.176 32 NAB None 2021-05-11 00:00:00 2021-11-11 00:00:00 None HIVE Case #5422 DARKSIDE Ransomware (IP=176,US) 23.95.90.205 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 23.96.98.201 32 BMP None 2021-02-23 00:00:00 2021-05-24 00:00:00 None SERVER-WEBAPP JBoss admin-console access (1:21517:6) - SourceFire (IP=201,US) 23.98.143.179 32 UA None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SQL injection - 6hr web attacks (IP=179,US) 23.98.146.19 32 GM None 2020-10-29 00:00:00 2021-01-29 00:00:00 None MALWARE-BACKDOOR JSP webshell backdoor detected - Sourcefire (IP=19,US) 23.98.147.58 32 RW None 2021-06-29 00:00:00 2021-09-27 00:00:00 None Command Injection (IP=58,US) 23.98.190.13 32 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=13,US) 23.99.142.123 32 SW None 2021-09-13 00:00:00 2021-12-12 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Events (IP=123,US) 23.99.216.81 32 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=81,US) 23.99.231.123 32 RR None 2021-05-29 
00:00:00 2021-08-27 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01232 (IP=123,US) 2371319182.sitepotion.com --- TLM None 2021-06-15 00:00:00 2021-09-13 00:00:00 2023-01-19 22:57:28 HIVE Case #5605 TO-S-2021-1338 24.101.114.25 32 RW None 2021-03-18 00:00:00 2021-06-18 00:00:00 None FTP Login Failed - 6 hr failed logons (IP=25,US) 24.11.21.189 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 24.111.160.76 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=76,US) 24.112.176.248 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=248,US) 24.112.42.246 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=246,US) 24.112.75.196 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=196,US) 24.113.62.29 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=29,US) 24.114.195.114 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=114,CA) 24.116.36.200 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 24.12.22.44 32 BMP None 2020-12-24 00:00:00 2021-03-24 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=44,US) 24.126.255.250 32 KH None 2021-09-05 00:00:00 2021-12-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SSH Scan (IP=250,US) 24.135.1.177 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None RS TO-S-2021-0876 Hive Case 4166 Malware Activity 24.135.198.218 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None RS TO-S-2021-0876 Hive Case 4166 Malware Activity 24.137.168.190 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=190,US) 24.137.76.62 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malware Activity 24.138.247.3 32 srm None 2021-02-05 00:00:00 
2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=3,PR) 24.139.189.5 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=5,US) 24.146.212.41 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=41,US) 24.148.98.177 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 24.153.238.138 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=138,US) 24.160.3.6 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=6,US) 24.161.109.220 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=220,US) 24.161.116.239 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=239,US) 24.162.137.43 24 FT None 2021-01-04 00:00:00 2021-04-04 00:00:00 None IP Block Request - Self Report - TT: 21C00380 (IP=43,US) 24.162.60.160 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=160,US) 24.172.19.178 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 24.173.230.82 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=82,US) 24.178.166.79 32 RW None 2020-01-18 00:00:00 2021-05-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=79,US) | updated by RW Block expiration extended with reason SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr web attacks (IP=79,US) | u 24.179.13.119 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 24.180.247.30 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 24.20.4.103 32 RT None 2021-07-30 00:00:00 2021-10-28 00:00:00 None SQL injection - 6 HR WebAttack (IP=103,US) 24.205.167.226 32 GM None 2021-02-04 00:00:00 2021-05-04 00:00:00 None SSH User Authentication Brute 
Force Attempt - Failed Logons (IP=226,US) 24.212.215.156 24 RR None 2021-04-23 00:00:00 2021-07-23 00:00:00 None SERVER-WEBAPP Terramaster TOS command injection attempt - Web Attacks (IP=156,CA) 24.213.8.217 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=217,US) 24.214.120.205 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=205,US) 24.214.122.47 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=47,US) 24.214.21.36 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=36,US) 24.214.21.46 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=46,US) 24.214.236.186 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 24.216.172.139 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=139,US) 24.216.42.143 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=143,US) 24.221.106.91 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=91,US) 24.224.145.161 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 24.232.128.205 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AR TO-S-2020-0298 Malicious Email Activity 24.233.112.152 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 24.237.130.180 32 AR None 2021-05-27 00:00:00 2021-11-23 00:00:00 None - CTO 21-131 (IP=180,US) 24.243.187.6 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=6,US) 24.245.11.31 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=31,US) 24.248.12.194 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malware Activity 24.248.226.254 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks 
(IP=254,US) 24.255.122.231 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=231,US) 24.3.199.27 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=27,US) 24.32.54.33 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=33,US) 24.37.34.187 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None CA TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 24.38.81.24 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=24,US) 24.42.188.152 32 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SERVER-WEBAPP Terramaster TOS command injection attempt - 6hr Web Attacks (IP=152,US) 24.43.169.18 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 24.43.99.75 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 24.49.44.62 32 JKC None 2021-09-22 00:00:00 2021-12-21 00:00:00 None HIVE Case #NA AC hunter Excessive TCP attacks (IP=62,US) 24.53.224.65 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CA TO-S-2020-0298 Malicious Email Activity 24.54.115.68 32 JKC None 2021-09-22 00:00:00 2021-12-21 00:00:00 None HIVE Case #NA AC hunter Excessive TCP attacks (IP=68,US) 24.6.145.166 32 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None INDICATOR-COMPROMISE PHP backdoor communication attempt - Sourcefire (IP=166,US) 24.61.176.80 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=80,US) 24.73.0.94 32 BMP None 2021-06-02 00:00:00 2021-08-31 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=94,US) 24.84.209.187 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None CA TO-S-2020-0459 Malware Activity 24.86.236.165 24 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web 
Attacks (IP=165,CA) 24.96.209.138 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=138,US) 2400xx.com --- TLM None 2021-06-15 00:00:00 2021-09-13 00:00:00 2023-01-19 22:57:28 HIVE Case #5605 TO-S-2021-1338 26.17.146.151 32 NAB None 2020-10-28 00:00:00 2021-11-03 00:00:00 None HIVE Case #4192 COLS-NA-TIP-20-0322 (IP=151,US) | updated by dbc Block expiration extended with reason US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 26.74.112.0 20 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,US) 27.0.12.0 22 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=0,VN) 27.0.12.27 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=27,VN) 27.104.181.162 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 27.104.245.88 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 27.105.152.107 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=107,TW) 27.105.231.63 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TW TO-S-2020-0303 Malicious Email Activity 27.106.112.0 21 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IN TO-S-2021-0876 Hive Case 4166 Malware Activity 27.106.20.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malware Activity 27.106.20.50 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Reconnaissance Activity 27.106.7.71 24 RW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=71,IN) 27.115.124.75 24 DT None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=75,CH) 27.115.124.9 24 DT None 2021-06-28 00:00:00 2021-09-26 00:00:00 None 
INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=49,CH) 27.123.220.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 27.123.249.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,IN) 27.124.2.159 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None TCP: SYN Host Sweep (IP=159,SG) 27.124.24.0 24 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=0,IN) 27.124.34.211 24 KH None 2021-07-19 00:00:00 2021-10-17 00:00:00 None Backdoor.APT.ChinaChopper - FE IPS (IP=211,SG) 27.124.43.40 24 RB None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=40,SG) 27.124.43.40 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None ArcSight ESM High Attacker (IP=40,SG) 27.128.170.74 24 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=74,CN) 27.128.233.199 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=199,CN) 27.131.178.119 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=119,TH) 27.133.130.91 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=91,JP) 27.147.152.166 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BD TO-S-2020-0331 Malicious Web Application Activity 27.147.230.53 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BD TO-S-2020-0298 Malicious Email Activity 27.147.239.142 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BD TO-S-2020-0331 Malicious Web Application Activity 27.147.40.128 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=128,TW) 27.148.147.26 32 wmp None 2021-05-07 
00:00:00 2021-08-07 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=26,CN) 27.148.201.143 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=143,CN) 27.151.9.103 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=103,CN) 27.156.124.68 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=68,CN) 27.184.251.135 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=135,CN) 27.187.248.66 24 GM None 2020-12-08 00:00:00 2021-03-08 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=66,CN) 27.193.129.142 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=142,CN) 27.193.217.210 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=210,CN) 27.193.32.210 24 SW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks(IP=210,CN) 27.194.219.100 32 srm None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Firepower Suspicious Scan Activity (IP=100,CN) 27.194.65.75 24 GM None 2020-11-22 00:00:00 2021-02-22 00:00:00 None Generic URI Injection wget Attempt - FireEye (IP=75,CN) 27.196.129.238 24 WR None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Sourcefire Report (IP=238,CN) 27.197.16.75 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepwer Suspicious Scan Activity (IP=75,CN) 27.198.185.116 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=116,CN) 27.198.34.106 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=106,CN) 27.198.42.50 24 DT None 2021-09-01 
00:00:00 2021-11-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=50,CN) 27.199.232.65 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=65,CN) 27.199.3.194 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=194,CN) 27.2.10.67 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None VN TO-S-2020-0298 Malicious Email Activity 27.2.103.197 24 BMP None 2021-05-25 00:00:00 2021-08-23 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=197,VN) 27.200.34.36 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=36,CN) 27.201.187.70 24 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=70,CN) 27.202.182.201 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=201,CN) 27.202.66.46 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=46,CN) 27.203.102.12 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=12,CN) 27.203.213.79 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=79,CN) 27.203.47.104 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=104,CN) 27.203.68.144 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=144,CN) 27.203.7.141 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=141,CN) 27.204.253.74 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=74,CN) 27.205.178.110 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=110,CN) 27.206.136.101 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower 
Suspicious Scan Activity (IP=101,CN) 27.206.84.153 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=153,CN) 27.207.100.235 32 wmp None 2021-06-02 00:00:00 2021-09-02 00:00:00 None Palo Alto Suspicious Scan Activity (IP=235,CN) 27.207.155.31 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=31,CN) 27.207.234.9 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=9,CN) 27.208.119.27 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=27,CN) 27.208.164.18 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=18,CN) 27.208.208.123 32 wmp None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Palo Alto Suspicious Scan Activity (IP=123,CN) 27.208.237.105 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=105,CN) 27.208.25.59 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=59,CN) 27.209.6.39 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firep0wer Suspicious Scan Activity (IP=39,CN) 27.210.236.134 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=134,CN) 27.211.209.176 24 WR None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=176,CN) 27.213.66.112 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=112,CN) 27.213.99.44 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firep0wer Suspicious Scan Activity (IP=44,CN) 27.214.37.129 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=129,CN) 27.215.211.58 24 BMP None 2021-05-11 00:00:00 2021-08-09 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 
6hr Web Attacks (IP=58,CN) 27.215.226.79 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=79,CN) 27.216.100.251 24 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=251,CN) 27.216.234.98 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=98,CN) 27.217.129.63 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (1:46624:2) - Sourcefire (IP=63,CN) 27.218.248.121 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=121,CN) 27.219.132.71 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=71,CN) 27.219.160.112 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=112,CN) 27.219.192.223 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=223,CN) 27.219.26.194 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=194,CN) 27.220.61.85 24 EE None 2020-12-07 00:00:00 2021-03-07 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM - SourceFire (IP=85,CN) 27.222.241.223 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=223,CN) 27.223.124.242 24 EE None 2021-02-13 00:00:00 2021-05-13 00:00:00 None SSH User Authentication Brute Force Attempt - 6 HR Failed Logon (IP=242,CN) 27.246.64.251 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=251,TW) 27.253.95.84 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 27.254.111.200 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=200,TH) 27.254.63.20 24 GM None 
2020-11-09 00:00:00 2021-02-09 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=20,TH) 27.3.160.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN) 27.34.12.112 24 RW None 2021-01-28 00:00:00 2021-04-28 00:00:00 None HTTP: SQL Injection Exploit II - web attacks (IP=112,NP) 27.34.12.69 32 FT None 2021-01-24 00:00:00 2021-04-24 00:00:00 None SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt (1:40451:2) - SourceFire (IP=69,NP) 27.34.20.148 24 RB None 2021-02-14 00:00:00 2021-05-15 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6hr web attacks (IP=148,NP) 27.34.244.0 24 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None IN TO-S-2020-0750 Malicious Email Activity 27.34.47.51 24 WR None 2021-05-18 00:00:00 2021-08-16 00:00:00 None SQL injection - Web Attacks (IP=51,NP) 27.36.1.70 24 BMP None 2021-06-09 00:00:00 2021-09-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=70,CN) 27.36.1.70 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=70,CN) 27.36.1.70 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=70,CN) 27.38.245.5 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=5,CN) 27.38.254.225 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=225,CN) 27.38.254.226 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=226,CN) 27.38.61.114 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=114,CN) 27.38.61.121 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=121,CN) 27.4.74.83 32 dbc None 2020-10-29 
00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 27.40.117.215 32 wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None Palo Alto Suspicious Scan Activity (IP=215,CN) 27.40.122.162 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=162,CN) 27.41.154.249 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=249,CN) 27.43.108.63 24 KH None 2021-09-04 00:00:00 2021-12-03 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=63,CN) 27.43.112.23 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=23,CN) 27.43.115.117 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None Palo Alto Suspicious Scan Activity (IP=117,CN) 27.43.121.171 24 GM None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=171,CN) 27.46.45.103 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=103,CN) 27.5.16.34 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=34,IN) 27.5.20.0 22 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=0,IN) 27.5.36.0 22 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=0,IN) 27.5.40.228 32 wmp None 2021-04-29 00:00:00 2021-07-29 00:00:00 None Palo Alto Suspicious Scan Activity (IP=228,IN) 27.5.45.186 32 wmp None 2021-05-07 00:00:00 2021-08-07 00:00:00 None Palo Alto Suspicious Scan Activity (IP=186,IN) 27.5.96.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malware Activity 27.5.98.63 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Reconnaissance Activity 27.50.76.1 24 BMP None 2020-12-24 00:00:00 2021-03-24 00:00:00 None APT Webshell SUPERNOVA - FireEye CMS (IP=1,AU) 
27.54.188.139 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=139,IN) 27.56.174.25 24 RW None 2020-12-08 00:00:00 2021-03-08 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=25,IN) 27.56.75.44 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity 27.58.109.250 24 BB None 2021-08-27 00:00:00 2021-11-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logon (IP=250, IN) 27.6.178.207 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=207,IN) 27.6.194.114 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=114,IN) 27.6.196.79 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=79,IN) 27.62.141.168 24 FT None 2020-10-04 00:00:00 2021-01-04 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=168,IN) 27.62.224.0 21 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,IN) 27.62.244.9 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt -SourceFire (IP=9,IN) 27.64.152.167 24 RB None 2021-03-05 00:00:00 2021-06-03 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire 27.65.248.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,VN) 27.66.119.202 24 RW None 2021-04-23 00:00:00 2021-07-23 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 hr failed logons (IP=202,VN) 27.66.128.244 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 27.66.193.90 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 27.66.248.0 21 dbc None 2020-09-29 
SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SOURCEFIRE REPORT (IP=214,US) 3.93.25.94 32 RW None 2020-10-11 00:00:00 2021-01-11 00:00:00 None Known Attack Tool User Agent V2/UDS-WhatWeb_RC8766 - IR# 21C00094 (IP=94,US) 3.93.47.42 32 RT None 2021-06-08 00:00:00 2021-09-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=42,US) 3.93.54.23 32 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=23,US) 3.93.57.125 32 BMP None 2021-08-05 00:00:00 2021-11-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=125,US) 3.93.63.240 32 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=240,US) 3.93.77.42 32 UA None 2021-07-11 00:00:00 2021-10-09 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=42,US) 3.93.82.133 32 AR None 2021-06-22 00:00:00 2021-09-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=133,US) 3.94.121.91 32 SW None 2021-05-20 00:00:00 2021-08-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt SourceFire (IP=91,US) 3.94.132.160 32 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=160,US) 3.94.186.249 32 DT None 2021-09-12 00:00:00 2021-12-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Source Fire (IP=249,US) 3.94.214.105 32 RT None 2021-06-10 00:00:00 2021-09-08 00:00:00 None SERVER-OTHER limited RSA 
ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report (IP=105,US) 3.94.255.110 32 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=110,US) 3.94.6.143 32 ZH None 2021-08-22 00:00:00 2021-11-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=143,US) 3.94.85.218 32 BMP None 2020-11-17 00:00:00 2021-02-15 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=218,US) 3.94.89.189 32 RT None 2021-06-08 00:00:00 2021-09-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=189,US) 3.95.10.99 32 RT None 2021-09-20 00:00:00 2021-12-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=99,US) 3.95.135.11 32 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=11,US) 3.98.55.66 32 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None Attempted Access - Inbound Brute Force / SSH: SSH Login Bruteforce Detected - TT# 21C01241 (IP=66,CA) 3.99.55.32 24 ZH None 2021-09-21 00:00:00 2021-12-20 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr failed logons (IP=32,CA) 31.128.249.180 24 RT None 2021-05-20 00:00:00 2021-08-19 00:00:00 None FTP Login Failed - 6 Hour Failed Logons (IP=180,UA) 31.13.127.10 24 RR None 2020-11-09 00:00:00 2021-02-07 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - SourceFire (IP=10,IL) 31.13.170.102 32 wmp None 2021-02-12 00:00:00 2021-05-12 00:00:00 None ArcSight High Attacker (IP=102,DE) 31.13.170.102 32 wmp None 2021-02-12 00:00:00 2021-05-12 00:00:00 
None ArcSight High Attacker (IP=102,DE) ArcSight High Attacker (IP=102,DE) 31.13.170.109 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=109,DE) 31.13.170.109 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=109,DE) Web (HTTP) Attacks (IP=109,DE) 31.13.188.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ES) 31.13.32.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU) 31.13.8.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None SE TO-S-2020-0303 Malicious Web Application Activity 31.132.132.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 31.133.0.123 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=123,PL) 31.134.224.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 31.135.207.95 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Email Activity 31.14.252.18 24 EE None 2021-01-09 00:00:00 2021-04-09 00:00:00 None SERVER-WEBAPP Drupal Core 8 PHP object injection RCE attempt (1:49257:2) - SourceFire (IP=18,RO) 31.14.59.56 24 SW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks(IP=56,RO) 31.14.59.56 24 SW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks(IP=56,RO) 31.145.209.151 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=151,TR) 31.146.249.198 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None Palo Alto Suspicious Scan Activity (IP=198,GE) 31.155.141.241 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 31.156.60.194 24 KH 
None 2021-09-12 00:00:00 2021-12-11 00:00:00 None Drupal Core CVE-2018-7600 Form Rendering Post_render RCE - FE IPS (IP=194,IT) 31.156.70.42 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity 31.163.147.22 24 RR None 2021-02-23 00:00:00 2021-06-23 00:00:00 None MALCIOUS(Infection-Match) - Case 4958 (IP=22,RU) 31.163.164.248 24 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Source Fire (IP=248,RU) 31.163.66.64 24 DT None 2021-02-23 00:00:00 2021-05-24 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=64,RU) 31.170.121.238 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=238,GB) 31.170.161.19 32 NAB None 2021-05-04 00:00:00 2021-11-04 00:00:00 None HIVE Case #NA FP Security (IP=19,CY) 31.171.152.134 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None AL TO-S-2020-0493 Malware Activity 31.172.206.228 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=228,RU) 31.173.29.31 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=31,RU) 31.179.192.216 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity 31.179.251.74 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity 31.18.170.160 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity 31.184.198.75 32 NAB None 2021-05-04 00:00:00 2021-11-04 00:00:00 None HIVE Case #5344 TO-S-21-1245 (IP=75,RU) 31.186.215.150 24 RB None 2021-05-16 00:00:00 2021-08-14 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - 6hr web attacks (IP=150,PL) 31.186.241.7 32 NAB None 2020-11-12 00:00:00 2021-11-19 00:00:00 None HIVE Case #4301 COLS-NA-TIP-20-3049 
(IP=7,GB) | updated by dbc Block expiration extended with reason GB TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 31.193.136.168 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=168,GB) 31.193.199.54 24 AR None 2021-09-20 00:00:00 2021-12-19 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01905 (IP=54,LT) 31.197.102.187 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity 31.200.244.88 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 31.200.246.136 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None ES Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 31.204.150.250 24 RW None 2021-07-23 00:00:00 2021-10-21 00:00:00 None SQL injection - Web Attacks (IP=250,JP) 31.206.142.198 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 31.207.34.203 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 31.207.36.17 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None FR TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 31.207.47.52 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None NL TO-S-2020-0369 Malware Activity 31.207.47.76 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None NL TO-S-2020-0369 Malware Activity 31.207.64.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 31.208.250.146 24 RR None 2020-11-28 00:00:00 2021-02-26 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=146,SE) 31.208.26.88 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None SE TO-S-2020-0535 Malware Activity 31.210.159.104 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Email Activity 31.210.20.100 32 CR None 
2021-06-08 00:00:00 2021-09-07 00:00:00 None Scanning Activity - Shellshock, webserver Probing - FE IPS Events (IP=100,US) 31.210.20.124 32 RW None 2021-03-10 00:00:00 2021-06-08 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00667 (IP=124,NL) 31.210.20.183 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=183,US) 31.210.20.19 32 wmp None 2021-03-04 00:00:00 2021-06-04 00:00:00 None FirePower Suspicious Scan Activity (IP=19,US) 31.213.157.7 32 wmp None 2020-09-02 00:00:00 2021-10-08 00:00:00 None HIVE Case #3724 COLS-NA-TIP-20-0276 (IP=7,DE) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=7,DE) 31.216.32.0 21 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SE TO-S-2020-0459 Malware Activity 31.217.192.0 21 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None FI TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 31.22.4.101 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=101,GB) 31.22.4.47 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None GB TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 31.22.4.51 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=51,GB) 31.22.7.102 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None GB TO-S-2020-0838 Malicious Email Activity 31.220.105.141 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 31.220.105.208 32 KF None 2020-02-09 00:00:00 2021-04-23 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=208,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0459 Malware Activity 31.220.105.231 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 31.220.110.141 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 31.220.16.0 24 dbc None 
2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,GB) 31.220.21.97 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None LT Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 31.220.3.133 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=133,DE) 31.220.3.97 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=97,DE) 31.220.54.202 24 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=202,CN) 31.220.55.219 24 ZH None 2021-07-24 00:00:00 2021-10-22 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=219,CY) 31.223.101.55 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None TR TO-S-2021-1007 Malware Activity 31.223.108.83 24 RR None 2020-10-09 00:00:00 2021-01-07 00:00:00 None SERVER-WEBAPP Drupal unsafe internal attribute remote code execution attempt - SourceFire (IP=83,TR) 31.223.72.137 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 31.223.89.11 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 31.223.96.203 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 31.25.176.116 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ES TO-S-2020-0303 Malicious Email Activity 31.26.136.46 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=46,IT) 31.27.197.55 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity 31.28.0.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 
31.28.120.0 21 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity 31.28.24.119 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None RU TO-S-2020-0315 Malicious Email Activity 31.29.224.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 31.31.199.113 24 EE None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) Web Attack (IP=113,RU) 31.31.199.113 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=113,RU) 31.31.199.113 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=113,RU) Firepower Suspicious Scan Activity (IP=113,RU) 31.31.203.243 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=243,RU) 31.31.72.215 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=215,CZ) 31.40.129.90 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 31.40.253.14 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 31.41.138.25 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity 31.42.177.129 32 wmp None 2021-03-08 00:00:00 2021-06-08 00:00:00 None McAfee Suspicious Scan Activity (IP=129,PL) 31.42.184.0 22 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,UA) 31.44.119.15 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity 31.44.165.6 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity 31.44.182.0 23 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,RU) 
31.44.182.0 23 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,RU) 31.44.185.251 32 NAB None 2021-04-15 00:00:00 2021-07-14 00:00:00 None HIVE Case #NA FP Security (IP=251,RU) 31.44.185.6 32 wmp None 2021-06-22 00:00:00 2021-09-22 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=6,RU) 31.44.185.6 32 wmp None 2021-06-22 00:00:00 2021-09-22 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=6,RU) 31.47.103.30 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CZ TO-S-2020-0298 Malicious Email Activity 31.47.103.86 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CZ TO-S-2020-0303 Malicious Email Activity 31.47.169.76 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity 31.47.249.40 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 31.53.246.65 24 RB None 2021-03-18 00:00:00 2021-06-16 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=65,GB) 31.6.10.181 32 GM None 2020-11-12 00:00:00 2021-02-12 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT # 21C00229 (IP=181,EG) 31.7.61.187 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00664 (IP=187,PA) 31.7.61.188 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00638 (IP=188,CH) 31.7.61.190 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00692 (IP=190,US) 34.101.193.34 24 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=34,SG) 34.101.197.149 24 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 
None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=149,SG) 34.101.247.45 24 GM None 2021-04-03 00:00:00 2021-07-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=45,ID) 34.101.248.255 24 RR None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=255,SG) 34.105.174.26 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=26,GB) 34.105.190.51 32 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=51,US) 34.106.240.103 32 DT None 2021-09-11 00:00:00 2021-12-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# Paper TT 006 34.107.103.208 32 RR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Self Report / Scanning - TT# 21C01151 (IP=208,US) 34.107.109.20 24 RW None 2021-05-08 00:00:00 2021-08-08 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web attacks (IP=20,DE) 34.107.128.118 24 BMP None 2021-06-09 00:00:00 2021-09-07 00:00:00 None Riskware - Hive case 5589 (IP=118,US) 34.107.13.236 24 BMP None 2021-05-13 00:00:00 2021-08-11 00:00:00 None Command Injection (IP=236,DE) 34.107.3.44 24 RW None 2021-05-08 00:00:00 2021-08-08 00:00:00 None SQL injection - Web attacks (IP=44,DE) 34.107.31.202 24 RW None 2021-05-08 00:00:00 2021-08-08 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web attacks (IP=202,DE) 34.107.43.22 24 RW None 2021-05-08 00:00:00 2021-08-08 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web attacks (IP=22,DE) 34.107.61.54 24 GM None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=54,DE) 34.107.82.172 32 CR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None Command Injection 
(IP=172,US) 34.121.251.162 32 BMP None 2021-06-04 00:00:00 2021-09-02 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=162,US) 34.121.62.201 32 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script - TT# 21C01439 (IP=201,US) 34.122.156.118 32 BMP None 2020-10-17 00:00:00 2021-01-15 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) - SourceFire (IP=118,US) 34.122.18.233 32 GM None 2021-02-24 00:00:00 2021-06-24 00:00:00 None SQL union select - possible sql injection attempt - GET parameter - Sourcefire (IP=223,US) 34.122.46.13 32 RW None 2020-12-08 00:00:00 2021-03-08 00:00:00 None ZmEu phpMyAdmin Vulnerability Scanner - Fireeye IPS(IP=13,US) 34.123.160.251 32 DT None 2020-11-27 00:00:00 2021-02-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=251,US) 34.123.210.163 32 BMP None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=163,US) 34.123.216.134 32 DT None 2021-04-24 00:00:00 2021-07-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=134,US) 34.123.82.245 32 GLM None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=245,US) 34.125.101.155 32 RW None 2020-10-04 00:00:00 2021-01-04 00:00:00 None HTTP: Adobe ColdFusion Directory Traversal Information Disclosure Vulnerability - TT# 21C00021 (IP=155,US) 34.125.142.143 32 AR None 2021-09-23 00:00:00 2021-12-22 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C01927 (IP=143,US) 34.125.159.237 32 BMP None 2021-01-01 00:00:00 2021-04-01 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=237,US) 34.125.201.182 32 RW None 2021-02-09 00:00:00 2021-05-09 00:00:00 None 
Unauthorized Access-Probe / UDP Host Sweep - TT# 21C00483 (IP=182,US) 34.125.8.26 32 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=26,US) 34.125.87.11 32 KD None 2021-09-01 00:00:00 2021-12-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- TT# 21C01712 (IP=11,US) 34.126.149.135 24 KH None 2021-09-04 00:00:00 2021-12-03 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - 6hr Web Attacks (IP=135,SG) 34.126.175.246 24 KH None 2021-09-04 00:00:00 2021-12-03 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=246,SG) 34.126.67.99 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP Blueimp jQuery File Upload arbitrary PHP file upload attempt (1:48263:1) - SourceFire (IP=99,SG) 34.126.92.51 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=51,SG) 34.131.64.118 24 RR None 2021-08-24 00:00:00 2021-11-22 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - SourceFire (IP=118, IN) 34.193.50.162 32 CR None 2021-04-28 00:00:00 2021-07-27 00:00:00 None INDICATOR-OBFUSCATION obfuscated javascript excessive fromCharCode - potential attack - TT# 21C01095 (IP=162,RO) 34.196.48.110 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 34.200.114.5 32 BMP None 2021-04-11 00:00:00 2021-07-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=5,US) 34.201.117.68 32 BMP None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=68,US) 34.201.137.130 32 RW None 2021-06-29 00:00:00 2021-09-27 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt 
(1:45200:2) - Sourcefire (IP=130,US) 34.201.150.178 32 DT None 2021-08-12 00:00:00 2021-11-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Source Fire (IP=178,US) 34.201.34.176 32 BMP None 2021-02-11 00:00:00 2021-05-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=176,US) 34.201.38.46 32 BMP None 2021-09-15 00:00:00 2021-12-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=46,US) 34.201.69.83 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=83,US) 34.201.81.34 32 WR None 2021-06-14 00:00:00 2021-09-14 00:00:00 None INDICATOR-OBFUSCATION obfuscated javascript excessive fromCharCode - potential attack - TT# 21C01293 (IP=34,US) 34.202.205.93 32 RW None 2020-11-30 00:00:00 2021-03-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=93,US) 34.202.62.232 32 BMP None 2020-10-11 00:00:00 2021-01-11 00:00:00 None BOT: Darkshell Botnet Activity Detected - TT# 21C00087 (IP=232,US) 34.203.192.82 32 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=82,US) 34.203.193.204 32 RT None 2021-06-10 00:00:00 2021-09-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire Report (IP=204,US) 34.203.203.23 32 CJC None 2020-12-13 00:00:00 2021-03-13 00:00:00 None Hive Case # 4481 - FireEye Blog IP related to SunBurst Backdoor (IP=23,US) 34.203.221.98 32 DT None 2020-10-05 00:00:00 2021-01-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack 
CMS Getshell Vulnerability - 6hr Web Attacks (IP=150,SG) 35.240.200.230 24 ZH None 2021-09-08 00:00:00 2021-12-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=230,SG) 35.240.232.3 24 DT None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=3,SG) 35.240.235.31 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=31,SG) 35.241.100.8 32 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None TCP: SYN Host Sweep (IP=8,US) 35.241.100.8 32 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None TCP: SYN Host Sweep (IP=8,US) 35.241.178.17 24 SW None 2021-05-26 00:00:00 2021-08-24 00:00:00 None SERVER-WEBAPP Atlassian Crowd 35.241.178.17 24 SW None 2021-05-26 00:00:00 2021-08-24 00:00:00 None SERVER-WEBAPP Atlassian Crowd pdkinstall plugin remote code execution attempt - SourceFire (IP=17,BE) 35.241.96.64 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=64,HK) 35.242.134.83 32 BMP None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=83,US) 35.242.199.220 24 RW None 2021-05-08 00:00:00 2021-08-08 00:00:00 None SQL injection - Web attacks (IP=220,DE) 35.242.205.148 32 RR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Self Report / Scanning - TT# 21C01144 (IP=148,US) 35.244.234.195 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 35.245.96.145 32 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=145,US) 35.246.134.22 24 RW None 2021-05-08 00:00:00 2021-08-08 00:00:00 None SQL injection - Web attacks (IP=22,DE) 35.246.184.182 24 RW None 2021-05-08 00:00:00 2021-08-08 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 
Web attacks (IP=182,DE) 35.246.245.87 32 RR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Self Report / Scanning - TT# 21C01145 (IP=87,US) 35.246.251.32 32 CR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=32,US) 35.247.157.43 24 DT None 2021-09-06 00:00:00 2021-12-05 00:00:00 None SERVER-WEBAPP SolarWinds Orion authentication bypass attempt (1:56916:1) - Source Fire (IP=43,SG) 35.247.170.93 24 KD None 2021-08-24 00:00:00 2021-11-22 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=93,SG) 35.247.183.238 32 CR None 2021-04-30 00:00:00 2021-07-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6 hr failed logons (IP=238,US) 35.247.21.80 32 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=80,US) 35.247.249.133 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=133,US) 35.98.113.100 32 JKC None 2021-08-24 00:00:00 2021-11-22 00:00:00 None HIVE Case #NA imperva (IP=100,US) 36.107.30.94 24 BMP None 2020-12-24 00:00:00 2021-03-24 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=94,CN) 36.109.168.71 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=71,CN) 36.110.189.107 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=107,CN) 36.110.50.234 24 RW None 2021-07-17 00:00:00 2021-10-15 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr failed logons (IP=234,CN) 36.112.130.101 24 FT None 2020-11-04 00:00:00 2021-02-04 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - SourceFire (IP=101,CN) 36.112.171.51 24 RT None 2021-06-03 00:00:00 2021-09-04 00:00:00 None SSH2 Failed Login Attempt - 6HR Failed Logons (IP=51,CN) | updated by RR Block expiration extended with reason SSH2 
Failed Login Attempt - Web Attacks (IP=51,CN) 36.112.75.114 24 GM None 2021-04-03 00:00:00 2021-07-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=114,CN) 36.112.86.13 24 RB None 2020-11-18 00:00:00 2021-02-16 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=13,CN) 36.133.196.172 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=172,CN) 36.134.69.69 24 EE None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=69,CN) 36.154.37.158 24 GM None 2020-11-10 00:00:00 2021-02-10 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=158,CN) 36.155.109.244 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=244,CN) 36.155.112.221 24 GM None 2021-03-16 00:00:00 2021-06-16 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=221,CN) 36.156.138.107 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=107,CN) 36.156.141.241 24 FT None 2020-10-13 00:00:00 2021-01-11 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt (1:54768:2) - SourceFire (IP=241,CN) 36.156.152.80 24 RR None 2021-02-27 00:00:00 2021-05-28 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=80,CN) 36.234.19.109 24 RB None 2021-05-10 00:00:00 2021-08-08 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=109,TW) 36.249.49.176 24 KH None 2021-09-04 00:00:00 2021-12-03 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=176,CN) 36.251.157.225 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=225,CN) 36.255.90.219 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower 
Suspicious Scan Activity (IP=219,IN) 36.26.51.234 32 wmp None 2021-04-16 00:00:00 2021-07-16 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=234,CN) 36.26.71.182 24 GM None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=182,CN) 36.27.208.157 24 GM None 2020-12-27 00:00:00 2021-03-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=157,CN) 36.33.160.167 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=167,CN) 36.33.24.203 32 RB None 2020-10-13 00:00:00 2021-01-11 00:00:00 None HTTP: Apache Tomcat PUT JSP File Upload (CVE-2017-12615 and CVE-2017-12617) - TT# 21C00108 (IP=203,CN) 36.34.148.221 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=221,CN) 36.34.150.236 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=236,CN) 36.36.243.67 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=67,CN) 36.37.192.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KH TO-S-2020-0331 Malicious Web Application Activity 36.37.208.170 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None KH TO-S-2020-0459 Malware Activity 36.4.210.249 24 DT None 2020-10-03 00:00:00 2021-01-03 00:00:00 None SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt - SourceFire (IP=102,FR) 36.57.37.107 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=107,CN) 36.62.10.22 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=22,CN) 36.62.11.151 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=151,CN) 36.62.8.13 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=13,CN) 36.62.9.48 24 RB None 2021-05-09 
00:00:00 2021-08-07 00:00:00 None FTP Login Failed - 6hr failed logons (IP=48,CN) 36.65.128.0 20 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ID TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 36.65.16.0 21 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,ID) 36.65.165.67 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.65.48.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.65.83.213 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.65.88.19 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.66.124.193 24 RR None 2021-07-27 00:00:00 2021-10-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=193,ID) 36.68.120.0 21 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None ID TO-S-2020-0838 Malware Activity 36.68.13.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malware Activity 36.68.146.0 23 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.68.176.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malware Activity 36.68.232.0 23 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.68.24.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.68.52.81 24 WR None 2021-05-25 00:00:00 2021-08-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability- 6 hr web attacks (IP=81,ID) 36.68.54.234 24 BMP None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=234,ID) 36.68.64.117 24 RR None 2021-06-19 00:00:00 2021-09-17 00:00:00 None INDICATOR-SCAN SSH 
brute force login attempt - Failed Logns (IP=117,ID) 36.69.14.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ID) 36.69.224.0 21 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,ID) 36.69.48.0 20 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 36.69.71.141 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.70.48.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.70.94.132 24 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None POLICY-OTHER Micro Focus Operations Bridge default credentials login attempt (1:57495:1) - Sourcefire Rpt (IP=132,ID) 36.71.108.0 22 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,ID) 36.71.137.101 24 BMP None 2021-02-20 00:00:00 2021-05-20 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=101,ID) 36.71.214.120 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 36.71.232.122 32 dbc None 2020-05-27 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559.01 Malicious Email Activity 36.71.232.122 32 dbc None 2020-05-22 00:00:00 2021-05-22 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity 36.71.233.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.71.44.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None ID TO-S-2020-0315 Malicious Web Application Activity 36.72.168.0 21 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case # 4493 Unknown Malicious Activity 36.72.213.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.72.215.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 
00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.72.216.193 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.72.218.136 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.72.219.187 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.72.219.24 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.73.0.0 20 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 36.73.169.145 24 KH None 2021-07-12 00:00:00 2021-10-10 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=145,ID) 36.73.34.140 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 36.73.48.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.74.104.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.74.202.212 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.74.42.84 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ID TO-S-2021-0876 Hive Case 4166 Malware Activity 36.74.47.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ID TO-S-2021-0876 Hive Case 4166 Malware Activity 36.74.96.0 22 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,ID) 36.75.141.34 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 36.75.142.156 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.75.240.0 20 dbc None 2020-03-04 00:00:00 
2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.75.56.151 24 RT None 2021-05-21 00:00:00 2021-08-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=151,ID) 36.75.57.9 24 DT None 2021-04-24 00:00:00 2021-07-24 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=9,ID) 36.75.64.0 22 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None ID TO-S-2020-0838 Malware Activity 36.76.144.0 20 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 36.76.176.0 20 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 36.77.128.0 20 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None ID TO-S-2021-0941 Hive Case 4361 Malware Activity 36.77.254.207 24 RW None 2021-02-19 00:00:00 2021-05-19 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=207,ID) 36.77.43.44 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 36.77.48.0 20 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None ID TO-S-2020-0838 Malware Activity 36.77.92.0 22 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None ID TO-S-2021-0941 Hive Case 4361 Malicious Web Application Activity 36.78.107.223 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.78.110.68 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.78.22.64 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.78.64.0 19 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None ID TO-S-2020-0535 Malicious Email Activity 36.79.208.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.79.254.211 32 dbc None 2020-02-20 00:00:00 
2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.80.0.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malware Activity 36.80.130.153 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.81.10.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malware Activity 36.81.12.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ID) 36.81.128.0 20 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case # 4493 Malware Activity 36.81.16.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.81.216.41 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.81.6.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.81.80.170 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 36.82.102.247 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.82.176.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.82.202.27 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.82.241.73 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt_Sourcefire (IP=73,IN) 36.82.32.0 20 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 36.82.98.0 24 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None ID TO-S-2020-0750 Malicious Email Activity 36.83.12.0 22 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 36.83.2.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None 
ID TO-S-2020-0298 Malicious Email Activity 36.84.146.157 24 EE None 2021-01-13 00:00:00 2021-04-13 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SOURCEFIRE (IP=157,ID) 36.84.54.80 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 36.84.64.77 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.85.176.0 21 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 36.85.216.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.85.240.0 23 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case # 4493 Unknown Malicious Activity 36.88.32.67 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 36.89.11.31 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 36.89.129.125 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.89.139.207 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.89.141.154 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.89.143.33 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=33,ID) 36.89.165.23 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case # 4493 Malware Activity 36.89.186.237 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=237,ID) 36.89.213.53 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.89.253.235 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email 
Activity 36.89.29.233 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.89.80.51 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.89.85.173 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.90.148.0 23 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ID) 36.90.162.0 23 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None ID TO-S-2020-0750 Malicious Email Activity 36.90.170.153 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 36.90.178.23 24 BMP None 2021-05-08 00:00:00 2021-08-08 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=23,ID) | updated by RW Block expiration extended with reason INDICATOR-SCAN PHP backdoor scan attemptt - Sourcefire (IP=23,ID) 36.90.40.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 36.90.48.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None ID Hive Case 4237 TO-S-2021-0910 Malware Activity 36.90.56.150 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.90.61.73 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 36.90.8.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.91.115.105 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.91.177.167 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 36.91.181.195 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.91.39.59 32 TLM None 2021-06-16 00:00:00 2021-12-16 
00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=59,ID) 36.91.42.35 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=35,ID) 36.91.45.10 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=10,ID) 36.91.87.221 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 36.91.96.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 36.92.1.31 24 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=31,ID) 36.92.103.0 24 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=0,ID) 36.92.104.153 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 36.92.140.21 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 36.92.143.71 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=71,ID) 36.92.144.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,ID) 36.92.156.117 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 36.92.19.205 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None ID TO-S-2020-0805 Malware Activity 36.92.24.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,ID) 36.92.66.178 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=178,ID) 36.92.94.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,ID) 36.94.137.167 24 EE None 2021-01-20 00:00:00 2021-04-21 00:00:00 None HTTP: Detect PHP-CGI Remote code 
Execution vulnerability - 6 HR Web Attacks (IP=167,ID) | updated by RB Block expiration extended with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - Sourcefire (IP=167,ID) 36.94.49.202 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=202,ID) 36.94.55.26 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=26,ID) 36.96.188.212 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=212,CN) 37.0.11.129 24 UA None 2021-08-04 00:00:00 2021-11-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=129,NL) 37.1.201.192 32 NAB None 2021-02-16 00:00:00 2021-11-07 00:00:00 None HIVE Case #NA FP Security (IP=192,NL) | updated by NAB Block was inactive. Reactivated on 20210809 with reason HIVE Case #NA FP Security (IP=192,NL) 37.1.212.70 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity 37.1.219.164 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None NL TO-S-2020-0535 Malicious Email Activity 37.10.71.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,GB) 37.10.71.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,GB) 37.115.124.3 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=3,UA) 37.115.203.152 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=152,UA) 37.115.207.216 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=216,UA) 37.116.38.76 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity 37.120.153.27 24 EE SERVER-WEBAPP None 2021-02-15 00:00:00 2021-05-15 00:00:00 None Oracle Glassfish unauthenticated directory traversal attempt - 6 HR Web 
2021-07-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=170,US) 40.122.160.125 32 KH None 2021-10-01 00:00:00 2021-12-30 00:00:00 None Possible Cross-site Scripting Attack - FE IPS (IP=125,US) 40.122.36.205 32 RW None 2021-09-17 00:00:00 2021-12-16 00:00:00 None Possible Cross-site Scripting Attack - FireEye IPS (IP=205, US) 40.122.36.205 32 RW None 2021-09-17 00:00:00 2021-12-16 00:00:00 None Possible Cross-site Scripting Attack - FireEye IPS (IP=205, US) 40.122.47.242 32 RW None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Web server exploit attempts - Fireeye Web (IP=242,US) 40.122.78.41 32 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Event (IP=41,US) 40.123.208.141 24 BMP None 2021-02-16 00:00:00 2021-05-15 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - 6hr Web Attacks (IP=141,AE) 40.123.248.170 32 wmp None 2021-03-04 00:00:00 2021-06-04 00:00:00 None FirePower Suspicious Scan Activity (IP=170,ZA) 40.124.30.174 32 ZH None 2021-07-16 00:00:00 2021-10-14 00:00:00 None possible SQL injection attempt - ABC Report (IP=174,US) 40.124.41.59 32 ZH None 2021-08-21 00:00:00 2021-11-19 00:00:00 None ABC Command Injection (IP=59,US) 40.124.48.144 32 ZH None 2021-07-21 00:00:00 2021-10-19 00:00:00 None Command Injection - ABC Report (IP=144,US) 40.124.48.144 32 KH None 2021-07-21 00:00:00 2021-10-19 00:00:00 None Command Injection - ABC Report (IP=144,US) 40.132.78.121 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 40.133.0.77 32 GM None 2020-12-03 00:00:00 2021-03-03 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=77,US) 40.136.78.142 32 dbc None 2021-03-03 00:00:00 2021-09-03 00:00:00 None US CTO 21-056 Continuous Usage of Telnet 40.65.182.67 24 RR None 2021-05-19 00:00:00 2021-09-03 00:00:00 None SQL injection - Web Attacks (IP=67,SG) | updated by RR Block expiration extended with 
reason SQL injection - Web Attacks (IP=67,SG) SQL injection - Web Attacks (IP=67,SG) | updated by RR Block expiration extended with reason HTTP: SQL Injection - Exp 40.65.182.67 24 RR None 2021-05-18 00:00:00 2021-09-03 00:00:00 None SQL injection - Web Attacks (IP=67,SG) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=67,SG) SQL injection - Web Attacks (IP=67,SG) | updated by RR Block expiration extended with reason HTTP: SQL Injection - Exp 40.65.182.67 24 RR None 2021-06-05 00:00:00 2021-09-03 00:00:00 None SQL injection - Web Attacks (IP=67,SG) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=67,SG) SQL injection - Web Attacks (IP=67,SG) | updated by RR Block expiration extended with reason HTTP: SQL Injection - Exp 40.65.99.132 32 AR None 2021-08-22 00:00:00 2021-11-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=132,US) 40.66.31.98 32 AR None 2021-05-27 00:00:00 2021-11-23 00:00:00 None - CTO 21-131 (IP=98,US) 40.66.31.98 32 AR None 2021-05-27 00:00:00 2021-11-23 00:00:00 None - CTO 21-131 (IP=98,US) 40.69.157.11 32 DT None 2021-08-20 00:00:00 2021-11-18 00:00:00 None Command Injection (IP=11,US) 40.71.94.186 32 BMP None 2020-11-11 00:00:00 2021-02-11 00:00:00 None HTTP: PHP File Inclusion Vulnerability - 6hr Web Attacks (IP=186,US) 40.73.0.168 24 BMP None 2021-01-21 00:00:00 2021-04-21 00:00:00 None Drupal Core CVE-2018-7600 Form Rendering Post_render RCE - FireEye CMS (IP=168,CN) 40.73.0.168 24 BMP None 2021-01-21 00:00:00 2021-04-21 00:00:00 None Drupal Core CVE-2018-7600 Form Rendering Post_render RCE - FireEye CMS (IP=168,CN) 40.74.139.130 32 wmp None 2021-02-08 00:00:00 2021-05-08 00:00:00 None Firepower Suspicious Scan Activity (IP=130,JP) 40.74.248.222 32 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None FortiOS SSL VPN CVE-2018-13379 Information Disclosure - IPS Events (IP=222,US) 40.74.248.222 32 CR None 2021-05-30 00:00:00 
2021-08-28 00:00:00 None FortiOS SSL VPN CVE-2018-13379 Information Disclosure - IPS Events (IP=222,US) 40.74.65.232 24 RR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=232,JP) 40.76.226.14 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (IP=14,US) 40.76.226.14 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Source Fire (IP=14,US) 40.76.48.188 32 GM None 2020-11-22 00:00:00 2021-02-22 00:00:00 None SERVER-WEBAPP Apache Tomcat FileStore directory traversal attempt - Sourcefire (IP=188,US) 40.76.59.60 32 GM None 2020-11-20 00:00:00 2021-02-20 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - Web Attacks (IP=60,US) 40.76.68.86 32 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=86,US) 40.76.68.86 32 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=86,US) 40.76.76.177 32 AR None 2021-05-25 00:00:00 2021-08-30 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report(IP=177,US) | updated by ZH Block expiration extended with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher S 40.76.76.177 32 ZH None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report(IP=177,US) | updated by ZH Block expiration extended with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher S 40.77.17.49 32 AR None 2021-09-21 00:00:00 2021-12-20 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt - 6Hr Web Attacks (IP=49,US) 40.77.56.191 32 RW None 2021-07-14 00:00:00 
2021-10-12 00:00:00 None Multiple web server exploit attempts - Fireeye MPS (IP=191,US) 40.77.60.228 32 BMP None 2021-06-22 00:00:00 2021-09-20 00:00:00 None rConfig SQL Injection Vulnerability - 6hr Web Attacks (IP=228,US) 40.77.69.111 32 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SQL injection - 6hr Web Attacks (IP=111,US) 40.78.23.161 32 KF None 2020-02-02 00:00:00 2021-05-21 00:00:00 None HTTP: SQL Injection - Exploit II (IP=161,US) | updated by RW Block expiration extended with reason HTTP: SQL Injection - Exploit II - 6hr web attacks (IP=161,US) | updated by dbc Block expiration extended with reason Unaffiliated TO-S-2020-0535 Malwa 40.78.88.230 32 ZH None 2021-09-21 00:00:00 2021-12-20 00:00:00 None SERVER-WEBAPP Kibana Console for Elasticsearch local file inclusion attempt (1:48815:3) - Sourcefire Rpt (IP=230,US) 40.80.152.102 32 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=102,US) 40.80.88.135 24 RW None 2021-04-18 00:00:00 2021-07-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web attacks (IP=135,IN) 40.81.207.42 24 RR None 2021-04-15 00:00:00 2021-07-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=42,JP) 40.83.12.175 32 ZH None 2021-09-14 00:00:00 2021-12-13 00:00:00 None T1190 - Command Injection,SQL Injection (IP=175,US) 40.83.12.38 32 BB None 2021-09-02 00:00:00 2021-12-01 00:00:00 None Command Injection - ABC Report(IP=38,US) 40.83.15.123 32 ZH None 2021-07-24 00:00:00 2021-10-22 00:00:00 None SQL injection - 6hr Web Attacks (IP=123,US) 40.83.40.40 32 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SQL injection - Web Attacks (IP=40,US) 40.83.47.197 32 KH None 2021-08-16 00:00:00 2021-11-14 00:00:00 None Command Injection - ABC Report (IP=197,US) 40.84.140.168 32 KH None 2021-09-27 00:00:00 2021-12-26 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=168,US) 
40.84.153.78 32 BMP None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=78,US) 40.84.190.95 32 ABC None 2021-09-20 00:00:00 2021-12-19 00:00:00 None T1190 - Command Injection,SQL Injection (IP=95,US) 40.84.213.43 32 CR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None Command Injection (IP=43,US) 40.84.230.71 32 BB None 2021-07-05 00:00:00 2021-10-03 00:00:00 None Command Injection - ABC Report (IP=71,US) 40.86.93.51 32 ZH None 2021-08-29 00:00:00 2021-11-27 00:00:00 None ABC Command Injection 6hr Web Attack (IP=51,US) 40.88.144.52 32 BMP None 2021-08-08 00:00:00 2021-11-06 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01529 (IP=52,US) 40.88.39.15 32 DT None 2021-04-24 00:00:00 2021-07-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=15,US) 40.89.132.231 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None FR TO-S-2020-0535 Malicious Email Activity 40.89.150.169 24 BB None 2021-07-06 00:00:00 2021-10-04 00:00:00 None SERVER-OTHER Mikrotik RouterOS directory traversal attempt - SourceFire (IP=169,FR) 40.90.232.54 32 RT None 2021-05-20 00:00:00 2021-08-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6 hr web attacks (IP=54,US) 41.0.224.0 21 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,ZA) 41.105.1.184 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=184,DZ) 41.105.231.0 24 DT None 2021-04-23 00:00:00 2021-07-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=0,DZ) 41.106.180.61 24 EE None 2021-02-07 00:00:00 2021-05-08 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 HR Failed Logons (IP=61,DZ) 41.107.38.113 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=113,DZ) 41.110.179.238 32 dbc None 2020-09-29 00:00:00 
2021-09-29 00:00:00 None DZ TO-S-2020-0838 Malware Activity 41.111.131.98 24 DT None 2021-04-23 00:00:00 2021-07-23 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 hr failed logons (IP=98,DZ) 41.111.132.33 24 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=33,DZ) 41.13.40.54 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.138.112.0 23 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None NG TO-S-2020-0303 Malware Activity 41.138.186.0 24 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None NG TO-S-2020-0805 Malicious Web Application Activity 41.139.128.0 19 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None KE Hive Case 4237 TO-S-2021-0910 Malware Activity 41.139.149.158 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.139.155.50 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KE TO-S-2020-0303 Malicious Email Activity 41.139.160.0 19 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,KE) 41.140.173.144 24 BB None 2021-09-26 00:00:00 2021-12-25 00:00:00 None SQL injection - Web Attacks (IP=144,MA) 41.140.173.144 24 BB None 2021-09-26 00:00:00 2021-12-25 00:00:00 None SQL injection - Web Attacks (IP=144,MA) 41.140.173.144 24 BB None 2021-09-26 00:00:00 2021-12-25 00:00:00 None SQL injection - Web Attacks (IP=144,MA) 41.140.173.144 24 BB None 2021-09-26 00:00:00 2021-12-25 00:00:00 None SQL injection - Web Attacks (IP=144,MA) 41.140.173.144 24 BB None 2021-09-26 00:00:00 2021-12-25 00:00:00 None SQL injection - Web Attacks (IP=144,MA) 41.140.68.134 24 DT None 2021-08-20 00:00:00 2021-11-18 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=134,MA) 41.143.155.247 24 RR None 2020-12-22 00:00:00 
2021-03-22 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Web Attacks (IP=247,MA) 41.144.141.20 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.146.3.2 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ZA TO-S-2020-0298 Malicious Email Activity 41.155.243.150 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None EG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.175.155.78 24 DT None 2021-01-02 00:00:00 2021-04-02 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web attacks (IP=78,ZA) 41.185.120.40 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=40,ZA) 41.186.71.252 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=252,RW) 41.188.104.98 24 FT None 2020-10-18 00:00:00 2021-01-18 00:00:00 None SERVER-WEBAPP WordPress SocialWarfare deprecated function access attempt (1:49527:2) - SourceFire (IP=98,EG) 41.188.105.28 24 GM None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=28,MR) 41.190.29.100 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=100,NG) 41.190.45.238 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.191.100.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CM TO-S-2020-0298 Malicious Email Activity 41.193.162.185 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ZA TO-S-2020-0298 Malicious Email Activity 41.193.171.91 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ZA TO-S-2020-0298 Malicious Email Activity 41.193.88.148 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ZA TO-S-2020-0331 Malicious Web Application 
Activity 41.204.254.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NG TO-S-2020-0331 Malicious Web Application Activity 41.204.93.114 24 GM None 2021-04-03 00:00:00 2021-07-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=114,CM) 41.204.96.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MG TO-S-2020-0331 Malicious Web Application Activity 41.205.25.245 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CM TO-S-2020-0303 Malicious Email Activity 41.205.92.70 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CM TO-S-2020-0303 Malicious Email Activity 41.206.61.116 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KE TO-S-2020-0298 Malicious Email Activity 41.206.61.34 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KE TO-S-2020-0298 Malicious Email Activity 41.207.166.35 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None TG TO-S-2020-0236 Malicious Email Activity 41.208.71.14 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None LY TO-S-2020-0805 Malicious Email Activity 41.209.96.0 19 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None SD TO-S-2020-0750 Malicious Email Activity 41.210.32.43 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GH TO-S-2020-0298 Malicious Email Activity 41.211.104.48 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CM TO-S-2020-0303 Malicious Email Activity 41.211.109.48 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CM TO-S-2020-0303 Malicious Email Activity 41.211.124.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CM TO-S-2020-0298 Malicious Email Activity 41.215.252.0 23 dbc None 2020-08-26 00:00:00 2021-08-26 00:00:00 None CD TO-S-2020-0758 Malware Activity 41.216.64.0 19 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None ZM Hive Case 4237 TO-S-2021-0910 Malware Activity 41.217.47.20 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NE Hive Case 4187 TO-S-2021-0898 Malicious 
Reconnaissance Activity 41.219.65.138 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.220.242.50 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.221.32.216 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=216,TZ) 41.221.64.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MZ TO-S-2020-0298 Malicious Email Activity 41.223.184.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CF TO-S-2020-0298 Malicious Email Activity 41.223.227.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RW TO-S-2020-0331 Malicious Web Application Activity 41.223.232.0 22 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None BF TO-S-2021-1007 Malware Activity 41.225.19.163 24 RB None 2021-06-05 00:00:00 2021-09-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=163,TN) 41.226.199.104 24 RW None 2020-11-09 00:00:00 2021-02-09 00:00:00 None Malicious IP - Hive Case #4267 (IP=104,TN) 41.226.25.4 24 GM None 2021-01-29 00:00:00 2021-08-21 00:00:00 None SSH2 Failed Login Attempt - Failed Logons (IP=4,TN) | updated by RR Block was inactive. 
Reactivated on 20210523 with reason SSH2 Failed Login Attempt - Failed Logons(IP=4,TN) 41.226.60.115 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=115,TN) 41.226.60.138 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=138,TN) 41.234.162.97 24 KH None 2021-09-11 00:00:00 2021-12-10 00:00:00 None INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - Sourcefire (IP=97,EG) 41.243.15.138 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 41.248.239.139 24 GM None 2020-10-08 00:00:00 2021-01-08 00:00:00 None SERVER-WEBAPP Wordpress File Manager plugin elFinder remote code execution attempt - Sourcefire (IP=139,MA) 41.251.198.0 24 KD None 2021-06-15 00:00:00 2021-09-14 00:00:00 None PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (1:34225:5) - SourceFire (IP=0,MA) | updated by KD Block expiration extended with reason PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (1:34225:5)- Source fire (IP=0,MA) PROTOCOL 41.251.198.0 24 BMP None 2021-06-15 00:00:00 2021-09-14 00:00:00 None PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (1:34225:5) - SourceFire (IP=0,MA) | updated by KD Block expiration extended with reason PROTOCOL-FTP ProFTPD mod_copy remote code execution attempt (1:34225:5)- Source fire (IP=0,MA) PROTOCOL 41.35.224.207 24 AR None 2021-07-08 00:00:00 2021-10-06 00:00:00 None SQL injection - 6 HR WEB ATTACK (IP=207,EG) 41.35.49.138 24 DT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=138,EG) 41.39.158.162 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=162,EG) 41.39.158.162 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=162,EG) 41.42.89.237 24 BB None 2021-07-31 00:00:00 2021-10-29 00:00:00 None 
INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=237,EG) 41.45.131.31 24 CR None 2021-05-18 00:00:00 2021-08-16 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=31,EG) 41.45.94.201 24 RW None 2021-01-15 00:00:00 2021-04-15 00:00:00 None Nuclei Vulnerability Scanner - Fireeye IPS (IP=201,EG) 41.50.85.181 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ZA TO-S-2020-0331 Malicious Web Application Activity 41.50.89.94 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ZA TO-S-2020-0331 Malicious Web Application Activity 41.57.136.74 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.57.42.156 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ZA TO-S-2020-0298 Malicious Email Activity 41.57.96.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KE TO-S-2020-0331 Malicious Web Application Activity 41.59.89.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,TZ) 41.62.58.195 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 41.63.159.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MG TO-S-2020-0298 Malicious Email Activity 41.65.122.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,EG) 41.65.36.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None EG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.67.59.14 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=14,SD) 41.68.130.9 24 BMP None 2021-06-08 00:00:00 2021-09-06 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=9,EG) 41.68.131.77 32 BB None 2021-09-10 00:00:00 2021-12-09 00:00:00 None INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - SourceFire (IP=77,US) 
41.72.192.94 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KE TO-S-2020-0331 Malicious Web Application Activity 41.72.197.38 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.72.199.58 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.72.203.6 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KE TO-S-2020-0298 Malicious Email Activity 41.72.203.70 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KE TO-S-2020-0298 Malicious Email Activity 41.72.205.18 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 41.75.112.0 20 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None MW TO-S-2021-1007 Malware Activity 41.75.64.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 41.76.168.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,KE) 41.76.208.0 21 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,ZA) 41.77.138.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None EG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.77.200.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 41.78.172.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NG TO-S-2020-0298 Malicious Email Activity 41.78.38.182 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ZA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.78.88.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NG TO-S-2020-0331 Malicious Web Application Activity 41.80.96.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None KE Hive Case 4237 TO-S-2021-0910 Malware Activity 41.83.48.133 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 
TO-S-2020-0859 (IP=133,SN) 41.84.156.206 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.84.234.39 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SZ Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 41.86.18.10 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=10,LR) 41.86.18.133 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=133,LR) 41.86.18.153 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=153,LR) 41.86.18.165 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=165,LR) 41.86.18.200 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=200,LR) 41.86.19.140 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=140,LR) 41.86.19.146 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=146,LR) 41.86.19.80 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=80,LR) 41.86.21.12 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=12,LR) 41.86.21.22 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=22,LR) 41.86.21.3 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=3,LR) 41.86.21.40 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=40,LR) 41.86.21.59 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=59,LR) 41.86.21.60 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=60,LR) 41.86.21.61 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None 
Firepower Suspicious Scan Activity (IP=61,LR)
41.86.5.104 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=104,LR)
41.86.5.164 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=164,LR)
41.86.5.176 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=176,LR)
41.86.5.180 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=180,LR)
41.86.5.197 32 srm None 2021-01-28 00:00:00 2021-04-28 00:00:00 None Firepower Suspicious Scan Activity (IP=197,LR)
41.86.5.206 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=206,LR)
41.89.63.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,KE)
41.90.106.98 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
41.92.66.44 24 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=44,MA)
41.94.0.2 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None FR TO-S-2020-0315 Malicious Email Activity
41.95.95.45 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None SD TO-S-2020-0698 Malicious Web Application Activity
42.106.100.29 24 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SQL injection - Web Attacks (IP=29,IN)
42.106.104.49 24 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None POLICY-OTHER PHP uri tag injection attempt (1:23111:14) - Sourcefire (IP=49,IN)
42.106.109.212 24 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SERVER-WEBAPP PHPMailer command injection remote code execution attempt (1:45917:1) - Sourcefire (IP=212,IN)
42.106.112.70 24 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:1) - Sourcefire (IP=70,IN)
42.106.116.25 24 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SQL injection - Web Attacks (IP=25,IN)
42.106.122.37 24 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SERVER-WEBAPP JBoss web console access attempt (1:24342:4) - Sourcefire (IP=37,IN)
42.106.126.22 24 FT None 2020-10-18 00:00:00 2021-01-18 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (1:13990:26) - SourceFire (IP=22,IN)
42.106.126.50 24 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=50,IN)
42.106.92.239 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity
42.106.96.9 24 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=9,IN)
42.108.239.70 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Email Activity
42.110.146.151 24 JKC None 2020-04-13 00:00:00 2021-04-13 00:00:00 None CTR-20-0629 MALWARE CAMPAIGN HIVE CASE #2512 (IP=151, IN)
42.110.146.151 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None IN TO-S-2020-0601 Malware Activity
42.110.151.141 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Email Activity
42.111.137.195 24 FT None 2020-10-05 00:00:00 2021-01-05 00:00:00 None SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt - SourceFire (IP=137,IN)
42.113.20.70 24 BMP None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire (IP=70,VN)
42.113.219.245 24 ZH None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Rpt (IP=245,VN)
42.113.221.132 24 UA None 2021-07-11 00:00:00 2021-10-09 00:00:00 None SERVER-WEBAPP Facade Ignition remote code execution attempt (1:57872:1) - Sourcefire (IP=132,VN)
42.114.201.215 24 RT None 2021-07-21 00:00:00 2021-10-19 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6HR Web Attack (IP=215,VN)
42.114.71.115 24 RR None 2020-11-15 00:00:00 2021-02-13 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) - SourceFire (IP=115,VN)
42.114.71.223 24 KD None 2021-07-29 00:00:00 2021-10-27 00:00:00 None SQL injection - 6Hr Web Attacks (IP=223,VN)
42.115.106.97 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=97,VN)
42.115.238.94 24 CR None 2021-04-29 00:00:00 2021-07-29 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attack (IP=94,VN)
42.115.251.207 24 RW None 2021-04-29 00:00:00 2021-07-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web attacks (IP=207,VN)
42.116.113.146 24 KH None 2021-09-12 00:00:00 2021-12-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=146,VN)
42.116.152.173 24 RT None 2021-07-16 00:00:00 2021-10-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6HR Failed Logons (IP=173,VN)
42.116.162.173 24 KH None 2021-07-26 00:00:00 2021-10-24 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=173,VN)
42.116.42.148 24 RW None 2021-04-29 00:00:00 2021-07-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web attacks (IP=148,VN)
42.116.58.137 24 RW None 2021-05-08 00:00:00 2021-08-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=137,VN)
42.117.34.26 24 RB None 2021-04-27 00:00:00 2021-07-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=26,VN)
42.117.58.41 24 RW None 2021-04-29 00:00:00 2021-07-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web attacks (IP=41,VN)
42.118.113.179 24 WR None 2021-06-27 00:00:00 2021-09-25 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=179,VN)
42.118.176.116 24 RR None 2020-11-15 00:00:00 2021-02-13 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - SourceFire (IP=116,VN)
42.118.236.85 24 RR None 2020-11-15 00:00:00 2021-02-13 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - SourceFire (IP=85,VN)
42.118.245.157 24 RR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=157,VN)
42.118.72.204 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=204,VN)
42.118.82.193 24 UA None 2021-08-04 00:00:00 2021-11-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=193,VN)
42.119.154.45 24 BMP None 2021-01-19 00:00:00 2021-04-19 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=45,VN)
42.119.158.10 32 FT None 2021-01-24 00:00:00 2021-04-24 00:00:00 None CVE-2020-10148 SolarWinds Orion Authentication Bypass attempt (1:9800082:1) - SourceFire (IP=10,VN)
42.119.159.182 24 BMP None 2021-04-18 00:00:00 2021-07-18 00:00:00 None SERVER-OTHER HP Integrated Lights-Out HTTP headers processing buffer overflow attempt (1:45682:2) -
42.119.179.231 24 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=231,VN)
42.119.201.251 24 ZH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None SQL Injection - 6hr Web Attacks (IP=251,VN)
42.119.83.66 24 DT None 2020-11-15 00:00:00 2021-02-23 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=66,VN)
42.119.95.201 24 BMP None 2021-07-27 00:00:00 2021-10-25 00:00:00 None SQL injection - Web Attacks (IP=201,VN)
42.159.186.29 32 KH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01436 (IP=29,US)
42.176.112.72 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=72,CN)
42.180.32.29 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=29,CN)
42.188.101.144 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
42.188.164.155 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None MY TO-S-2020-0303 Malicious Email Activity
42.188.166.67 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
42.188.59.175 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MY TO-S-2020-0331 Malicious Web Application Activity
42.189.160.12 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MY TO-S-2020-0331 Malicious Web Application Activity
42.189.207.4 32 RB None 2019-07-01 00:00:00 2021-04-23 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT#19C02453 (IP=4,MY) | updated by dbc Block was inactive. Reactivated on 20200423 with reason MY TO-S-2020-0459 Malware Activity
42.189.21.13 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
42.190.105.240 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None MY TO-S-2020-0298 Malicious Email Activity
42.190.126.207 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
42.190.130.162 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
42.190.25.5 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MY Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
42.192.100.157 24 EE None 2020-12-31 00:00:00 2021-03-31 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web attacks (IP=157,CN)
42.192.11.192 24 RB None 2021-05-07 00:00:00 2021-08-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Sourcefire (IP=192,CN)
42.192.124.78 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=78,CN)
42.192.143.36 32 wmp None 2021-01-14 00:00:00 2021-04-14 00:00:00 None Suspicious Scan Activity (IP=36,CN)
42.192.144.151 24 GLM None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=151,CN)
42.192.183.60 24 CR None 2020-12-30 00:00:00 2021-04-01 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 hr web attack (IP=60,CN)
42.192.184.76 24 DT None 2021-04-09 00:00:00 2021-07-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=76,CN)
42.192.205.33 24 RR None 2020-12-06 00:00:00 2021-03-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=33,CN)
42.192.21.126 24 WR None 2021-05-19 00:00:00 2021-08-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - Web Attacks (IP=126,CN)
42.192.21.248 24 RR None 2020-11-08 00:00:00 2021-02-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=248,CN)
42.192.222.217 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=217,CN)
42.192.232.222 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=222,CN)
42.192.40.23 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=23,CN)
42.192.41.33 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=33,CN)
42.192.46.238 24 FT None 2020-11-14 00:00:00 2021-02-22 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - 6hr Web Attacks (IP=238,CN)
42.192.62.83 24 DT None 2021-01-24 00:00:00 2021-04-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=83,CN)
42.192.75.197 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=197,CN)
42.192.90.213 24 EE None 2021-01-08 00:00:00 2021-04-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - SourceFire (IP=213,CN)
42.193.10.254 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=254,CN)
42.193.100.127 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=127,CN)
42.193.101.94 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=94,CN)
42.193.141.112 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=112,CN)
42.193.175.196 24 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=196,CN)
42.193.181.109 24 RB None 2021-06-05 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=109,CN)
42.193.23.161 24 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=161,CN)
42.193.47.246 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=246,CN)
42.193.49.173 24 KD None 2021-06-08 00:00:00 2021-09-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=173,CN)
42.193.98.215 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=215,CN)
42.194.132.6 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=6,CN)
42.194.133.149 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=149,CN)
42.194.142.186 24 EE None 2020-12-09 00:00:00 2021-03-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=186,CN)
42.194.158.100 24 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=100,CN)
42.194.176.213 24 RW None 2021-04-09 00:00:00 2021-07-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - web attacks (IP=213,CN)
42.194.178.100 24 FT None 2020-11-06 00:00:00 2021-02-06 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=100,CN)
42.194.181.92 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=92,CN)
42.194.208.4 24 RR None 2021-05-05 00:00:00 2021-08-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=4,CN)
42.194.222.156 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=156,CN)
42.194.232.225 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=225,CN)
42.194.236.30 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=30,CN)
42.2.80.88 24 RW None 2021-01-04 00:00:00 2021-04-04 00:00:00 None Authentication Failure - 6 hr failed logons (IP=88,HK)
42.200.137.210 24 BMP None 2021-03-08 00:00:00 2021-06-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=210,HK)
42.202.101.184 32 wmp None 2021-06-02 00:00:00 2021-09-02 00:00:00 None Palo Alto Suspicious Scan Activity (IP=184,CN)
42.202.101.31 32 wmp None 2021-04-29 00:00:00 2021-07-29 00:00:00 None Palo Alto Suspicious Scan Activity (IP=31,CN)
42.224.122.161 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (1:46624:2) - Sourcefire (IP=161,CN)
42.224.126.64 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=64,CN)
42.224.234.23 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=23,CN)
42.224.252.43 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=43,CN)
42.224.53.33 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=33,CN)
42.224.79.122 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=122,CN)
42.227.147.29 24 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=29,CN)
42.227.163.52 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=52,CN)
42.227.43.177 24 BMP None 2021-01-15 00:00:00 2021-04-15 00:00:00 None Generic URI Injection wget Attempt - FireEye IPS (IP=177,CN)
42.227.50.201 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=201,CN)
42.228.196.99 24 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=99,CN)
42.228.200.47 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=47,CN)
42.228.59.203 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=203,CN)
42.228.60.114 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=114,CN)
42.228.70.201 24 GM None 2020-10-25 00:00:00 2021-01-25 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=201,CN)
42.230.187.224 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=224,CN)
42.230.224.103 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=103,CN)
42.230.227.142 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=142,CN)
42.230.228.78 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=78,CN)
42.230.30.196 24 WR None 2021-05-19 00:00:00 2021-08-17 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=196,CN)
42.230.42.216 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=216,CN)
42.230.87.198 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=198,CN)
42.231.106.104 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt
42.231.66.94 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=94,CN)
42.231.67.64 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt -
42.231.70.212 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=212,CN)
42.232.188.255 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=255,CN)
42.232.233.141 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=141,CN)
42.232.59.90 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks (IP=90, CN)
42.234.116.185 24 GM None 2020-10-31 00:00:00 2021-01-31 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=185,CN)
42.234.248.162 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=162,CN)
42.234.255.42 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=42,CN)
42.234.74.20 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - Web Attacks (IP=20,CN)
42.235.109.93 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=93,CN)
42.235.136.130 24 GM None 2020-11-01 00:00:00 2021-02-01 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=130,CN)
42.235.148.119 24 EE None 2020-12-07 00:00:00 2021-03-07 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM - SourceFire (IP=119,CN)
42.235.178.101 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=101,CN)
42.235.68.31 24 GM None 2020-12-08 00:00:00 2021-03-08 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=31,CN)
42.235.81.75 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=75,CN)
42.235.89.148 32 wmp None 2021-04-20 00:00:00 2021-07-20 00:00:00 None Palo Alto Suspicious Scan Activity (IP=148,CN)
42.235.90.115 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=115,CN)
42.235.92.25 24 BB None 2021-09-10 00:00:00 2021-12-09 00:00:00 None Malicious.LIVE.DTI.URL - CMS (IP=25,CN)
42.235.94.194 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=194,CN)
42.236.213.178 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=178,CN)
42.237.16.104 24 GM None 2020-11-01 00:00:00 2021-02-01 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=104,CN)
42.237.27.66 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=66,CN)
42.239.126.65 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=65,CN)
42.51.173.18 24 RR None 2020-12-06 00:00:00 2021-03-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=18,CN)
42.51.222.53 24 RB None 2021-03-02 00:00:00 2021-05-31 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=53,CN)
42.56.76.93 32 NAB None 2021-06-30 00:00:00 2021-09-28 00:00:00 None HIVE Case #NA FP Security (IP=93,CN)
42.63.24.226 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None Attempted Access Inbound Brute Force - TT # 21C00899 (IP=226,CN)
42.72.95.116 24 JKC None 2020-04-13 00:00:00 2021-02-22 00:00:00 None CTR-20-0628 MALWARE CAMPAIGN HIVE CASE #2510 (IP=116, TW)
42.82.224.68 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
42.82.237.142 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
42.98.8.73 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=73,HK)
42.99.116.0 22 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None HK TO-S-2020-0805 Malware Activity
43.128.1.113 24 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=113,HK)
43.128.10.145 24 ZH None 2021-07-03 00:00:00 2021-10-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=145,HK)
43.128.102.139 24 BMP None 2021-07-15 00:00:00 2021-10-13 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=139,SG)
43.128.103.218 24 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=218,SG)
43.128.104.65 24 DT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=65,SG)
43.128.105.78 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=78,SG)
43.128.106.88 24 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=88,SG)
43.128.12.16 24 DT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=16,SG)
43.128.13.233 24 RT None 2021-07-10 00:00:00 2021-10-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=233,CN)
43.128.130.252 24 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=252,KR)
43.128.131.127 24 DT None 2021-06-25 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=127,KR) | updated by AR Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceF
43.128.132.19 24 RW None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=19,KR)
43.128.133.225 24 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=225,SG)
43.128.134.138 24 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=138,KR)
43.128.135.81 24 DT None 2021-09-11 00:00:00 2021-12-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=81,Korea)
43.128.136.157 24 DT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=157,KR)
43.128.137.50 24 RT None 2021-07-14 00:00:00 2021-10-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=50,KR)
43.128.14.242 24 KH None 2021-08-16 00:00:00 2021-11-14 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=242,HK)
43.128.141.31 24 AR None 2021-06-30 00:00:00 2021-09-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=31,SG)
43.128.201.41 24 RT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=41,TH)
43.128.202.192 24 DT None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=192,TH)
43.128.203.205 24 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=205,SG)
43.128.204.67 24 RW None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=67,TH)
43.128.205.73 24 RW None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=73,TH)
43.128.251.9 24 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=9,KR)
43.128.252.185 24 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=185,SG)
43.128.253.201 24 RW None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=201,JP)
43.128.58.139 24 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=139,HK)
43.128.59.107 24 RT None 2021-08-11 00:00:00 2021-11-09 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=107,HK)
43.128.60.160 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=160,HK)
43.128.61.144 24 RT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SOURCEFIRE REPORT (IP=114,HK)
43.128.78.21 24 BMP None 2021-07-19 00:00:00 2021-10-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=21,SG)
43.128.8.188 24 ZH None 2021-07-04 00:00:00 2021-10-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=188,HK)
43.128.80.72 24 RT None 2021-07-10 00:00:00 2021-10-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=72,SG)
43.128.81.208 24 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=208,SG)
43.128.84.244 24 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=244,SG)
43.128.85.151 24 DT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=151,SG)
43.128.86.192 24 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=192,SG)
43.128.87.3 24 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=3,SG)
43.128.88.179 24 DT None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=179,SG)
43.128.89.161 24 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=161,SG)
43.128.9.15 24 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=15,SG)
43.129.168.10 24 DT None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=10,HK)
43.129.17.42 24 SW None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=42,SG)
43.129.171.125 24 AR None 2021-07-06 00:00:00 2021-10-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=125,SG)
43.129.173.36 24 BMP None 2021-07-27 00:00:00 2021-10-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=36,HK)
43.129.177.96 24 AR None 2021-06-30 00:00:00 2021-09-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=96,SG)
43.129.178.85 24 ZH None 2021-07-04 00:00:00 2021-10-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=85,HK)
43.129.179.225 24 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=225,SG)
43.129.180.111 24 DT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=111,HK)
43.129.182.46 24 RW None 2021-09-16 00:00:00 2021-12-15 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=46,HK)
43.129.183.208 24 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=208,SG)
43.129.185.122 24 RT None 2021-07-10 00:00:00 2021-10-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=122,CN)
43.129.186.143 24 RT None 2021-07-10 00:00:00 2021-10-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=143,CN)
43.129.187.173 24 DT None 2021-07-12 00:00:00 2021-10-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=173,HK)
43.129.198.190 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=190,HK)
43.129.199.23 24 DT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=23,HK)
43.129.20.110 24 KH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=110,HK)
43.129.201.193 24 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=193,SG)
43.129.203.47 24 RT None 2021-07-14 00:00:00 2021-10-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=47,HK)
43.129.204.238 24 UA None 2021-08-16 00:00:00 2021-11-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=238,HK)
43.129.205.162 24 KH None 2021-07-30 00:00:00 2021-10-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=162,HK)
43.129.207.46 24 DT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=46,HK)
43.129.208.28 24 DT None 2021-06-30 00:00:00 2021-09-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=28,HK)
43.129.213.88 24 RW None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=88,HK)
43.129.215.12 24 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=12,CN)
43.129.216.38 24 ZH None 2021-07-04 00:00:00 2021-10-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=38,HK)
43.129.22.181 24 UA None 2021-07-08 00:00:00 2021-10-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=181,HK)
43.129.23.111 24 DT None 2021-08-04 00:00:00 2021-11-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=111,HK)
43.129.230.159 24 RW None 2021-09-16 00:00:00 2021-12-15 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=159,HK)
43.129.233.96 24 BMP None 2021-07-19 00:00:00 2021-10-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=96,SG)
43.129.235.253 24 AR None 2021-07-06 00:00:00 2021-10-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=253,SG)
43.129.236.204 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=204,HK)
43.129.239.127 24 DT None 2021-07-12 00:00:00 2021-10-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=127,HK)
43.129.240.95 24 RT None 2021-07-10 00:00:00 2021-10-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=95,CN)
43.129.246.128 24 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=128,CN)
43.129.248.224 24 RT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SOURCEFIRE REPORT (IP=224,HK)
43.129.25.205 24 KH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=205,HK)
43.129.250.35 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=35,HK)
43.129.251.250 24 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=250,HK)
43.129.29.211 24 AR None 2021-07-12 00:00:00 2021-10-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=211,HK)
43.129.33.123 24 DT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=123,IN)
43.129.36.239 24 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=239,SG)
43.129.36.82 24 SW None 2021-05-25 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind | updated by SW Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=82,SG)
43.129.69.87 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=87,HK)
43.129.70.237 24 RT None 2021-08-18 00:00:00 2021-11-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=237,HK)
43.129.72.204 24 UA None 2021-08-09 00:00:00 2021-11-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=204,HK)
43.129.73.235 24 BMP None 2021-08-08 00:00:00 2021-11-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=235,SG)
43.129.76.130 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=130,HK)
43.129.77.40 24 BMP None 2021-08-08 00:00:00 2021-11-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=40,SG)
43.129.92.6 32 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01668 (IP=6,US)
43.130.0.142 32 RT None 2021-07-10 00:00:00 2021-10-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=142,US)
43.130.0.156 32 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=156,US)
43.130.0.241 32 RT None 2021-08-18 00:00:00 2021-11-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=241,US)
43.130.0.89 32 RT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4)
- Sourcefire Report (IP=89,US) 43.130.3.112 32 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=112,US) 43.130.3.27 24 BMP None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=27,SG) 43.130.48.123 32 UA None 2021-09-29 00:00:00 2021-12-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=123,US) 43.130.64.108 24 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=108,SG) 43.130.65.120 32 UA None 2021-08-15 00:00:00 2021-11-13 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=120,US) 43.130.67.149 32 DT None 2021-07-22 00:00:00 2021-10-20 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=149,US) 43.130.67.186 32 RT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SOURCEFIRE REPORT (IP=186,US) 43.130.67.24 32 BMP None 2021-07-27 00:00:00 2021-10-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=24,US) 43.130.67.37 32 UA None 2021-09-15 00:00:00 2021-12-14 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=37,US) 43.130.69.118 32 RT None 2021-08-05 00:00:00 2021-11-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=118,US) 43.130.69.240 24 BMP None 2021-08-07 00:00:00 2021-11-05 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=240,SG) 43.130.70.176 32 RT None 2021-07-10 00:00:00 
2021-10-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=176,US) 43.130.70.235 32 DT None 2021-06-30 00:00:00 2021-09-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=235,US) 43.130.70.65 32 RT None 2021-07-10 00:00:00 2021-10-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=65,US) 43.130.71.117 24 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=117,SG) 43.130.72.177 24 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=177,JP) 43.131.64.133 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=133,RU) 43.131.65.25 24 AR None 2021-07-04 00:00:00 2021-10-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=25,US) 43.131.66.234 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=234,RU) 43.132.146.39 24 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=39,SG) 43.132.148.185 24 ZH None 2021-07-04 00:00:00 2021-10-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=185,HK) 43.132.149.13 24 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=13,CN) 43.132.150.63 24 BMP None 2021-07-15 00:00:00 2021-10-13 00:00:00 None 
INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=63,HK) 43.132.153.232 24 RT None 2021-08-05 00:00:00 2021-11-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=232,HK) 43.132.157.208 24 SW None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=208,SG) 43.132.158.118 24 BMP None 2021-07-19 00:00:00 2021-10-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=118,SG) 43.132.169.233 24 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=233,CN) 43.132.174.227 32 RB None 2021-09-03 00:00:00 2021-12-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - IR# 21C01749 (IP=227,SG) 43.132.196.238 24 AR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=238,SG) 43.132.199.204 24 BMP None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=204,SG) 43.133.0.114 24 RW None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=114,SG) 43.133.1.140 24 AR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=140,SG) 43.133.10.213 24 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=213,JP) 43.133.2.63 24 KH None 2021-07-30 00:00:00 2021-10-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) 
- Sourcefire (IP=63,JP) 43.133.3.145 24 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=145,JP) 43.133.32.19 24 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=19,SG) 43.133.8.189 24 UA None 2021-09-29 00:00:00 2021-12-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=189,JP) 43.224.110.83 24 DT None 2021-03-03 00:00:00 2021-06-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=83,BD) 43.224.152.73 24 EE None 2020-11-20 00:00:00 2021-02-20 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=73,SG) 43.225.110.106 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=106,MY) 43.225.124.0 22 dbc None 2020-07-29 00:00:00 2021-08-24 00:00:00 None CN TO-S-2020-0698 Malicious Reconnaissance Activity | updated by dbc Block expiration extended with reason CN TO-S-2020-0750 Malicious Email Activity 43.225.156.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HK TO-S-2020-0331 Malware Activity 43.225.168.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 43.225.44.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None HK TO-S-2020-0303 Malicious Web Application Activity 43.225.52.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 43.225.64.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ID TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 43.225.66.49 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=49,ID) 43.225.99.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PK 
Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 43.226.124.196 24 RR None 2020-10-27 00:00:00 2021-01-25 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=196,HK) 43.226.124.196 24 RR None 2020-10-27 00:00:00 2021-01-25 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt (1:37078:4) - SourceFire (IP=196,HK) 43.226.146.102 24 RR None 2020-10-09 00:00:00 2021-01-07 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=102,CN) 43.226.152.187 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 43.226.33.22 24 RR None 2020-12-13 00:00:00 2021-03-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=22,CN) 43.226.40.176 24 DT None 2021-01-06 00:00:00 2021-04-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=176,CN) 43.226.40.176 24 CR None 2021-01-06 00:00:00 2021-04-06 00:00:00 None File Hello Peppa Scan - IPS Events (IP=176,CN) 43.226.51.31 24 GM None 2020-01-02 00:00:00 2021-01-02 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=31,CN) 43.226.54.0 24 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None CN TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 43.226.73.124 24 GM None 2021-02-24 00:00:00 2021-06-24 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=124,CN) 43.226.73.124 32 RB None 2021-02-24 00:00:00 2021-05-25 00:00:00 None Hello Peppa Scan - FireEye IPS Events (IP=119,CN) 43.227.231.96 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None SG Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 43.228.220.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 43.229.152.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 
TO-S-2021-0898 Malicious Reconnaissance Activity 43.229.72.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 43.229.88.0 22 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IN TO-S-2020-0535 Malicious Email Activity 43.229.92.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 43.230.196.242 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=242,ID) 43.230.207.204 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=204,HK) 43.230.40.0 24 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 43.231.112.0 22 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None MN TO-S-2020-0805 Malicious Email Activity 43.231.127.0 24 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None IN TO-S-2020-0750 Malicious Email Activity 43.231.209.240 32 wmp None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=240,NP) 43.231.30.46 24 UA None 2021-05-18 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=46,MV) 43.231.56.0 22 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,IN) 43.239.152.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 43.239.81.80 24 EE None 2021-04-13 00:00:00 2021-07-12 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) Sourcefire (IP=80,IN) 43.240.31.21 24 GM None 2020-10-16 00:00:00 2021-01-16 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=21,HK) 43.240.65.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malicious Reconnaissance Activity 43.240.80.0 22 dbc None 2020-02-20 00:00:00 
2021-02-20 00:00:00 None ID TO-S-2020-0303 Malicious Email Activity 43.241.127.92 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=92,IN) 43.241.144.62 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=62,IN) 43.241.194.28 24 BMP None 2020-12-31 00:00:00 2021-03-31 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=28,IN) 43.241.37.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malicious Reconnaissance Activity 43.241.56.0 22 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None TH TO-S-2020-0805 Malicious Email Activity 43.242.131.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,HK) 43.242.32.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None HK TO-S-2020-0315 Malware Activity 43.242.36.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 43.243.108.0 22 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None HK TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 43.243.222.194 24 FT None 2021-04-19 00:00:00 2021-07-18 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=194,HK) 43.245.216.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KH TO-S-2020-0303 Malicious Email Activity 43.245.222.163 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=163,HK) 43.245.84.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 43.246.217.39 32 srm None 2021-08-16 00:00:00 2021-11-14 00:00:00 None HIVE Case #NA Forcepoint NA Forcepoint (IP=39,TW) 43.247.190.99 24 EE INDICATOR-SCAN None 2021-03-19 00:00:00 2021-06-17 00:00:00 None PHP backdoor scan attempt (1:50182:1) - SourceFire (IP=99,CN) 43.249.24.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 
None HK Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 43.249.28.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None HK TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 43.249.29.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 43.249.83.11 24 BMP None 2021-01-25 00:00:00 2021-04-25 00:00:00 None Hello Peppa Scan - FireEye IPS (IP=11,HK) 43.250.158.2 24 RW None 2021-04-29 00:00:00 2021-07-29 00:00:00 None Malicious external IP - Hive Case 5343 (IP=2,IN) 43.250.241.186 32 wmp None 2021-05-03 00:00:00 2021-08-03 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=186,LK) 43.250.249.97 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=97,US) 43.251.116.249 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr failed logons (IP=249,CN) 43.251.220.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,IN) 43.252.239.39 24 CR None 2021-05-13 00:00:00 2021-08-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - Web Attacks (IP=39,ID) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=39,ID) 43.252.72.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malware Activity 43.252.8.212 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 43.252.9.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ID TO-S-2020-0331 Malicious Web Application Activity 43.254.148.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 43.254.16.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,TW) 43.254.53.78 24 RB None 
2021-02-06 00:00:00 2021-05-07 00:00:00 None FireEye IPS Hello Peppa Scan (IP=78,CN) 43.255.112.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KH TO-S-2020-0303 Malicious Email Activity 43.255.164.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 44.192.63.218 32 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=218,US) 44.192.81.238 32 RT None 2021-06-08 00:00:00 2021-09-06 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=238,US) 44.198.4.149 32 DT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=149,US) 44.234.44.87 32 ZH None 2021-09-28 00:00:00 2021-12-27 00:00:00 None SQL injection - 6hr Web Attacks (IP=87,US) 44.238.47.66 32 GLM None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=66,US) 45.10.150.141 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=141,TR) 45.10.88.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity 45.11.181.0 24 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None RO TO-S-2020-0750 Malicious Email Activity 45.11.19.134 32 RW None 2021-08-03 00:00:00 2021-11-01 00:00:00 None Self-Report: URL manipulation incl. 
path traversal and BURP profiles - TT# 21C01507 (IP=134,DE) 45.112.204.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.112.206.218 32 BMP None 2021-06-02 00:00:00 2021-08-31 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01252 (IP=HK,218) 45.113.109.204 24 RR None 2021-03-16 00:00:00 2021-06-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=204,HK) 45.113.122.212 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=212,IN) 45.113.69.175 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - SourceFire (IP=175,US) 45.113.70.144 24 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=144,CA) 45.113.71.219 24 CR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=219,HK) 45.114.106.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CN TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 45.114.144.29 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=29,IN) 45.114.68.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 45.114.76.199 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=199,IN) 45.114.88.185 24 RB None 2020-10-13 00:00:00 2021-01-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=185,BD) 45.115.89.186 24 WR None 2021-06-23 00:00:00 2021-09-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire Report (IP=186,CN) 45.116.112.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 
None IN TO-S-2020-0303 Malicious Email Activity 45.116.13.202 24 RB None 2021-05-02 00:00:00 2021-08-02 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=202,JP) 45.116.14.42 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None HK TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 45.116.79.139 24 RW None 2021-01-16 00:00:00 2021-04-16 00:00:00 None Hello Peppa Scan - Fireeye IPS (IP=139,HK) 45.117.101.127 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None JP TO-S-2020-0459 Malware Activity 45.117.102.64 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None JP TO-S-2020-0315 Malware Activity 45.118.132.253 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None JP Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 45.118.135.88 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.118.204.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IN TO-S-2020-0298 Malicious Email Activity 45.119.208.50 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=50, US) 45.119.96.4 32 FT None 2021-01-24 00:00:00 2021-04-24 00:00:00 None HTTP: php.cgi Buffer Overflow - Web Attacks (IP=4,HK) 45.12.110.135 32 EE None 2021-02-07 00:00:00 2021-05-08 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=135,US) 45.12.221.34 24 BMP None 2021-02-16 00:00:00 2021-05-16 00:00:00 None SERVER-WEBAPP Cisco Ultra Services Framework command injection attempt (3:43456:1) - SourceFire (IP=34,DK) | updated by RW Block expiration extended with reason SERVER-WEBAPP Cisco Ultra Services Framework command injection attempt - Sourcefire (IP=34,D 45.12.32.0 23 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None RU TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 45.12.32.200 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None NL TO-S-2021-0941 Hive Case 4361 Malicious Email 
Activity 45.12.4.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU) 45.120.139.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 45.120.159.58 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None JP TO-S-2020-0315 Malware Activity 45.120.224.19 24 RB None 2021-01-10 00:00:00 2021-04-10 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attack (IP=19,VN) 45.121.107.205 24 RB None 2020-10-13 00:00:00 2021-01-11 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=205,CN) 45.121.218.66 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 45.121.218.66 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 45.121.218.66 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None ID TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 45.122.233.33 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 45.122.52.0 22 TLM None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,ID) 45.123.117.19 24 RR None 2020-11-16 00:00:00 2021-02-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=19,TR) 45.123.117.20 24 RW None 2020-11-21 00:00:00 2021-02-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=20,TR) 45.123.119.55 24 EE PROTOCOL-DNS None 2021-03-19 00:00:00 2021-06-17 00:00:00 None DNS query amplification attempt (1:28556:3) - SourceFire (IP=55,TR) 45.123.41.82 24 DT None 2021-02-23 00:00:00 2021-05-24 00:00:00 None SERVER-WEBAPP Pulse Secure SSL VPN arbitrary file read attempt - SourceFire 
(IP=82,BD) 45.123.41.82 32 RB None 2021-02-24 00:00:00 2021-05-25 00:00:00 None FireEye IPS Events (IP=82,BD) 45.124.168.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BD TO-S-2020-0298 Malicious Email Activity 45.124.4.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 45.124.64.0 22 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 45.124.84.0 22 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None VN TO-S-2020-0805 Malicious Email Activity 45.124.92.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 45.125.46.74 32 FT None 2020-10-18 00:00:00 2021-01-18 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00145 (IP=74,US) 45.126.132.0 22 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None ID TO-S-2021-1007 Malicious Email Activity 45.126.186.160 24 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SSH Scan Report (IP=160,ID) 45.126.21.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 45.128.134.19 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None EE TO-S-2020-0601 Malicious Web Application Activity 45.128.150.41 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None NL TO-S-2020-0419 Malware Activity 45.129.137.249 32 wmp None 2021-06-22 00:00:00 2021-09-22 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=249,LB) 45.129.33.189 24 DT None 2020-11-24 00:00:00 2021-02-24 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - SourceFire (IP=189,NL) 45.13.255.127 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None SG TO-S-2020-0303 Malicious Email Activity 45.130.138.101 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=10,NL) 
45.130.138.47 32 wmp None 2021-02-10 00:00:00 2021-05-10 00:00:00 None Firepower Suspicious Scan Activity (IP=47,NL) 45.130.230.155 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=155,DE) 45.131.174.205 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=205,ES) 45.131.186.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 45.131.194.84 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=84,NL) 45.132.143.28 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BS Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.132.241.144 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 45.133.1.134 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=134,US) 45.133.1.167 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=167,US) 45.133.1.215 32 wmp None 2021-03-16 00:00:00 2021-06-16 00:00:00 None Firepower Suspicious Scan Activity (IP=215,US) 45.133.1.8 32 RR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 21C01152 (IP=8,NL) 45.133.179.0 24 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None PK TO-S-2020-0805 Malicious Email Activity 45.133.180.10 32 DT None 2020-10-05 00:00:00 2021-01-05 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT # 21C00036 (IP=10,MX) 45.133.180.130 24 EE None 2021-02-15 00:00:00 2021-05-15 00:00:00 None SERVER-WEBAPP Cisco Ultra Services Framework command injection attempt - 6 HR Web Attacks (IP=130,BR) 45.133.180.18 32 DT None 2020-10-05 00:00:00 2021-01-05 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT # 21C00037 (IP=18,MX) 45.133.180.2 32 
00:00:00 2021-10-06 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script - IR# 21C01411 (IP=52,US) 45.33.88.59 32 BB None 2021-08-07 00:00:00 2021-11-05 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01525 (IP=59,US) 45.33.88.68 32 BMP None 2021-08-23 00:00:00 2021-11-21 00:00:00 None SERVER-WEBAPP Apache Tomcat FileStore directory traversal attempt - 6hr Web Attacks (IP=68,US) 45.33.88.75 32 KH None 2021-07-08 00:00:00 2021-10-06 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - IR# 21C01415 (IP=75,US) 45.33.89.177 32 BMP None 2021-05-25 00:00:00 2021-08-23 00:00:00 None SERVER-WEBAPP Netgear passwordrecovered.cgi insecure admin password disclosure attempt (1:41504:3) - SourceFire (IP=177,US) 45.33.9.178 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malware Activity 45.33.91.150 32 BMP None 2021-02-02 00:00:00 2021-05-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=150,US) 45.33.92.155 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity 45.33.93.120 32 BMP None 2021-08-23 00:00:00 2021-11-21 00:00:00 None HTTP: PHP File Upload Vulnerability Detected - = (IP=120,US) 45.33.94.192 32 BMP None 2021-09-09 00:00:00 2021-12-08 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - SourceFire (IP=192, US) 45.33.94.203 32 BMP None 2021-08-23 00:00:00 2021-11-21 00:00:00 None SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt - 6hr Web Attacks (IP=203,US) 45.33.94.206 32 AR None 2021-08-23 00:00:00 2021-11-21 00:00:00 None SERVER-WEBAPP Cisco ASA cross site scripting attempt (1:57857:1) - SourceFire Report (IP=206,US) 45.33.95.242 32 SW None 2021-06-04 00:00:00 2021-09-04 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT# 21C01264 (IP=242,US) | updated by RR Block expiration extended 
with reason SERVER-WEBAPP Microsoft Exchange Server server side request forgery attempt - Web Attacks (IP=242,US) 45.36.166.127 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=127,US) 45.4.252.3 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AR TO-S-2020-0298 Malicious Email Activity 45.40.137.238 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=238,US) 45.40.145.151 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 45.40.146.28 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 45.40.146.38 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=38,US) 45.40.165.16 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 45.40.166.136 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 45.40.166.18 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 45.40.166.21 32 RW None 2020-02-10 00:00:00 2021-05-07 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6hr web attacks (IP=21,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0493 Malware Activity 45.40.166.33 32 BMP None 2020-01-31 00:00:00 2021-04-23 00:00:00 None SQL use of sleep function with and - likely SQL injection - SourceFire (IP=33,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0459 Malware Activity 45.40.182.1 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=1,US) 45.5.145.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity 45.5.208.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 45.5.36.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 
00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.5.36.18 24 JKC None 2021-08-30 00:00:00 2021-11-28 00:00:00 None HIVE Case #NA AC HUNTER Malicious websites (IP=18,BR) 45.5.36.18 24 JKC None 2021-08-30 00:00:00 2021-11-28 00:00:00 None HIVE Case #NA AC HUNTER Malicious websites (IP=18,BR) HIVE Case #NA AC HUNTER Malicious websites (IP=18,BR) 45.5.66.117 32 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=117,US) 45.50.17.37 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 45.50.32.66 32 RW None 2020-11-09 00:00:00 2021-02-09 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=66,US) 45.51.218.136 32 BMP None 2021-01-14 00:00:00 2021-04-14 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=136,US) 45.55.148.61 32 DT None 2021-04-16 00:00:00 2021-07-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=61,US) 45.55.155.237 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 45.55.224.230 32 RW None 2021-04-10 00:00:00 2021-09-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=230,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=230,US) 45.55.36.203 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=203,US) 45.55.42.73 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=73,US) 45.55.47.128 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 45.55.48.30 32 KH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=30,US) 
45.55.50.22 32 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None SQL injection - 6hr web attacks (IP=22,US) 45.55.53.80 32 RW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (A-type) - SourceFire (IP=80,US) 45.55.54.211 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 45.55.60.213 32 BMP None 2021-06-10 00:00:00 2021-09-08 00:00:00 None SQL injection - 6hr Web Attacks (IP=213,US) 45.55.61.55 32 EE None 2021-01-10 00:00:00 2021-04-11 00:00:00 None Hive Case #4745 (IP=55,US) | updated by BMP Block expiration extended with reason Backdoor.TROCHILUS - Hive Case 4744 (IP=55,US) 45.55.82.2 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 45.55.84.71 32 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 HR Web Attacks (IP=71,US) 45.55.91.247 32 CR None 2021-05-05 00:00:00 2021-08-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 hr Web Attacks (IP=247,US) | updated by RB Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=247,US) 45.55.93.245 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 45.56.101.233 32 BMP None 2021-02-02 00:00:00 2021-05-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=233,US) 45.56.104.116 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None Multiple IP Block/HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01731 (IP=116,US) 45.56.104.71 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None Multiple IP Block/HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01731 (IP=71,US) 45.56.105.53 32 BMP None 2021-02-02 00:00:00 2021-05-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=53,US) 45.56.109.182 32 CR None 2021-05-19 00:00:00 
2021-08-18 00:00:00 None SQL injection - Web Attacks (IP=182,US) 45.56.109.203 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 45.56.111.47 32 RR None 2021-09-09 00:00:00 2021-12-08 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C01796 (IP=47,US) 45.56.119.228 32 DT None 2021-01-07 00:00:00 2021-04-07 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Events (IP=72,US) 45.56.223.75 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CA Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 45.56.79.23 32 NAB None 2021-03-03 00:00:00 2021-06-01 00:00:00 None HIVE Case #NA FP Security (IP=23,US) 45.56.84.93 32 WR None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4)- SourceFire (IP=93,US) 45.56.90.41 32 CR None 2021-05-12 00:00:00 2021-08-10 00:00:00 None SQL injection - Web Attacks (IP=41,US) 45.56.93.115 32 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=115,US) 45.57.50.73 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 45.58.125.194 32 RR None 2021-02-27 00:00:00 2021-05-28 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00532 (IP=194,US) 45.58.142.2 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=2,US) 45.58.142.39 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 45.58.143.12 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None NL TO-S-2020-0228 Malicious Email Activity 45.58.143.20 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None NL TO-S-2020-0315 Malicious Email Activity 45.58.143.33 32 wmp None 2020-09-22 
00:00:00 2021-10-29 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=33,US) | updated by dbc Block expiration extended with reason NL Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 45.58.44.55 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malware Activity 45.6.228.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 45.6.24.251 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=251,BR) 45.6.25.187 32 wmp None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Palo Alto Suspicious Scan Activity (IP=187,BR) 45.60.22.20 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 45.60.33.183 32 wmp None 2020-07-13 00:00:00 2021-10-27 00:00:00 None HIVE Case #3289 COLS-NA-TIP-20-0211.(IP=183,US) | updated by TLM Block was inactive. Reactivated on 20210729 with reason HIVE Case #5884 TO-S-2021-1435 (IP=183,US) 45.61.136.13 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 45.61.136.32 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity 45.61.138.170 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 45.61.138.171 32 NAB None 2021-05-11 00:00:00 2021-11-11 00:00:00 None HIVE Case #5422 DARKSIDE Ransomware (IP=171,GB) 45.61.146.240 24 FT None 2021-02-18 00:00:00 2021-05-18 00:00:00 None Self Report/Vulnerability Scan - TT# 21C00517 (IP=240,US) 45.61.146.240 32 CR None 2021-01-06 00:00:00 2021-04-06 00:00:00 None Nuclei Vulnerability Scanner - IPS Events (IP=240,US) 45.61.184.166 32 SW None 2021-06-28 00:00:00 2021-09-26 00:00:00 None ZmEu phpMyAdmin Vulnerability Scanner - IPS Events (IP=166,US) 45.61.185.207 32 RW None 2021-08-17 00:00:00 2021-11-15 00:00:00 None PROTOCOL-DNS DNS query amplification 
45.61.185.253 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=253,US) 45.61.186.22 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None Unauthorized Access-Probe - TT# 21C01357 (IP=22,US) 45.61.49.212 32 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None Unauthorized Access-Probe - TT# 21C00901 (IP=212,DE) 45.61.51.147 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00614 (IP=147,US) 45.62.216.18 24 FT None 2020-10-18 00:00:00 2021-01-18 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=98,EG) - SourceFire (IP=18,CA) 45.63.41.113 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 45.64.185.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,TH) 45.64.8.2 24 SW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=2,IN) 45.65.156.0 22 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None BR TO-S-2021-0941 Hive Case 4361 Malicious Web Application Activity 45.66.137.209 32 EE None 2021-02-27 00:00:00 2021-05-27 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=209,US) 45.66.164.28 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 45.66.209.73 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 45.67.14.22 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 45.67.15.141 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 45.67.228.199 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 45.67.228.39 32 dbc None 2020-10-29 00:00:00 2021-10-29 
00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 45.67.229.220 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MD Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 45.67.231.128 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=128,NL) 45.67.231.175 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 45.7.156.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.7.228.0 22 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=0,CL) 45.70.112.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.70.136.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.70.176.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BR TO-S-2020-0331 Malicious Web Application Activity 45.70.4.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BR TO-S-2020-0303 Malicious Email Activity 45.71.141.40 24 BB None 2021-07-31 00:00:00 2021-10-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=40,BR) 45.72.31.233 32 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=233,US) 45.72.81.142 32 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=142,US) 45.74.1.0 24 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None SA TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 45.74.14.19 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AU Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 45.74.14.43 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None AU Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 
45.74.14.9 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None GB TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 45.74.18.160 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None NI TO-S-2020-0838 Malicious Email Activity 45.74.22.10 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DM TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 45.74.23.139 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DO TO-S-2020-0303 Malicious Email Activity 45.76.138.182 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=182,GB) 45.76.152.95 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 45.76.156.48 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=48,SG) 45.76.163.249 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=249,SG) 45.76.176.161 24 RW None 2021-03-25 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=161,SG) 45.76.187.56 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 45.76.188.118 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None SG TO-S-2020-0838 Malicious Email Activity 45.76.222.11 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None JP TO-S-2020-0838 Malicious Email Activity 45.76.43.38 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=38,NL) 45.76.84.36 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=36,DE) 45.76.98.218 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None JP TO-S-2020-0315 Malware Activity 45.77.106.218 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 45.77.138.197 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 
45.77.138.221 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None NL TO-S-2020-0303 Malware Activity 45.77.160.249 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 45.77.161.227 32 RT None 2021-07-10 00:00:00 2021-10-08 00:00:00 None SERVER-WEBAPP Oracle-BI convert servlet XML external entity injection attempt (1:50773:1) - Sourcefire Report (IP=227,US) 45.77.170.85 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None SG TO-S-2020-0303 Malicious Web Application Activity 45.77.178.94 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None JP TO-S-2020-0838 Malicious Email Activity 45.77.183.104 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None JP TO-S-2020-0298 Malware Activity 45.77.198.159 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=159,US) 45.77.201.48 32 GLM None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=48,US) 45.77.207.166 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity 45.77.229.125 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None GB TO-S-2020-0315 Malware Activity 45.77.242.25 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 45.77.243.69 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None SG TO-S-2020-0601 Malicious Reconnaissance Activity 45.77.246.234 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SG TO-S-2020-0298 Malicious Email Activity 45.77.250.197 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None SG TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 45.77.254.181 32 wmp None 2020-09-16 00:00:00 2021-10-29 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=181,SG) | updated by dbc Block expiration extended with reason SG Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 45.77.28.233 24 UA None 2021-08-08 
00:00:00 2021-11-06 00:00:00 None rConfig SQL Injection Vulnerability - 6hr Web Attacks (IP=233,JP) 45.77.32.150 32 dbc None 2020-08-26 00:00:00 2021-08-26 00:00:00 None SG TO-S-2020-0758 Malicious Email Activity 45.77.35.9 32 wmp None 2020-08-25 00:00:00 2021-10-08 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=9,SG) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=9,SG) 45.77.39.70 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None SG TO-S-2020-0236 Malicious Web Application Activity 45.77.40.25 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None SG Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 45.77.61.160 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity 45.77.64.111 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=111,DE) 45.77.65.12 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=12,DE) 45.77.77.222 32 KD None 2021-08-10 00:00:00 2021-11-08 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2)- SourceFire (IP=222,US) 45.78.162.123 32 RB None 2021-02-11 00:00:00 2021-05-12 00:00:00 None BOT: Gumblar bot traffic detected - TT# 21C00489 (IP=123,CA) 45.79.101.221 32 UA None 2021-09-29 00:00:00 2021-12-28 00:00:00 None SQL injection - 6hr web attacks (IP=221,US) 45.79.109.33 32 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=33,US) 45.79.110.191 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malware Activity 45.79.120.0 21 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity 45.79.122.40 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity 45.79.129.215 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US 
TO-S-2020-0298 Malware Activity 45.79.129.226 32 RW None 2021-03-06 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2019-0917 attack attempt - 6hr web attacks (IP=226,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Web Attacks (IP=226,US) 45.79.129.50 32 BMP None 2021-05-25 00:00:00 2021-08-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=50,US) | updated by RR Block expiration extended with reason SQL injection - Web Attacks (IP=50,US) 45.79.133.56 32 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=56,US) 45.79.135.114 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None Multiple IP Block/HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01731 (IP=114,US) 45.79.135.121 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None Multiple IP Block/HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01731 (IP=121,US) 45.79.135.127 32 RT None 2021-09-01 00:00:00 2021-12-09 00:00:00 None Multiple IP Block/HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01731 (IP=127,US) | updated by BB Block expiration extended with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=127,US) 45.79.135.146 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None Multiple IP Block/HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01731 (IP=146,US) 45.79.135.148 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01729 (IP=148,US) 45.79.135.149 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01723 (IP=149,US) 45.79.135.157 32 RR None 2021-09-09 00:00:00 2021-12-09 00:00:00 
None HTTP: PHP File Inclusion Vulnerability - TT# 21C01794 (IP=157,US) | updated by BB Block expiration extended with reason SQL injection - Web Attacks (IP=157,US) 45.79.135.191 32 BMP None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - SourceFire (IP=191,US) 45.79.135.46 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None Multiple IP Block/HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01731 (IP=46,US) 45.79.135.50 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None Multiple IP Block/HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01731 (IP=50,US) 45.79.135.63 32 RT None 2021-09-01 00:00:00 2021-12-08 00:00:00 None Multiple IP Block/HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01731 (IP=63,US) | updated by BMP Block expiration extended with reason SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58094:1) - SourceFire (IP=63, US) 45.79.135.64 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None Multiple IP Block/HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01731 (IP=64,US) 45.79.135.70 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None Multiple IP Block/HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01731 (IP=70,US) 45.79.135.75 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None Multiple IP Block/HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01731 (IP=75,US) 45.79.141.67 32 CR None 2021-05-19 00:00:00 2021-08-26 00:00:00 None SQL injection - Web Attacks (IP=67,US) | updated by BMP Block expiration extended with reason SQL injection - 6hr Web Attacks (IP=67,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP VMware vRealize Operations Manager SSRF attem 45.79.144.96 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 
None US TO-S-2020-0493 Malware Activity 45.79.145.102 32 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - IR# 21C01567 (IP=102,US) 45.79.145.126 32 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - IR# 21C01567 (IP=126,US) 45.79.145.175 32 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - IR# 21C01567 (IP=175,US) 45.79.145.193 32 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - IR# 21C01567 (IP=193,US) 45.79.145.196 32 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - IR# 21C01567 (IP=196,US) 45.79.145.248 32 DT None 2021-08-16 00:00:00 2021-11-14 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability - TT# 21C01562 (IP=248,US) 45.79.145.4 32 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - IR# 21C01565 (IP=4,US) 45.79.146.48 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malware Activity 45.79.151.101 32 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - IR# 21C01567 (IP=101,US) 45.79.151.241 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malware Activity 45.79.151.57 32 DT None 2021-08-16 00:00:00 2021-11-14 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution - TT# 21C01564 (IP=57,US) 45.79.151.62 32 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - IR# 21C01567 (IP=62,US) 45.79.155.22 32 BMP None 2021-02-02 
00:00:00 2021-05-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=22,US) 45.79.155.234 32 AR None 2021-08-23 00:00:00 2021-11-21 00:00:00 None SERVER-WEBAPP Apache Struts remote code execution attempt (1:47649:1) - SourceFire Report (IP=234,US) 45.79.155.29 32 BMP None 2021-08-23 00:00:00 2021-11-21 00:00:00 None SERVER-WEBAPP WP plugin Localize My Post directory traversal attempt – 6hr Web Attacks (IP=29,US) 45.79.156.51 32 CR None 2021-05-19 00:00:00 2021-08-18 00:00:00 None SQL injection - Web Attacks (IP=51,US) 45.79.157.155 32 BMP None 2021-02-02 00:00:00 2021-05-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=155,US) 45.79.16.27 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity 45.79.161.215 32 BMP None 2020-11-04 00:00:00 2021-12-18 00:00:00 None SERVER-WEBAPP Cisco ASA directory traversal attempt - SourceFire (IP=215,US) | updated by dbc Block was inactive. Reactivated on 20201218 with reason US TO-S-2021-1007 Malicious Reconnaissance Activity 45.79.163.130 32 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None UDS-ColdFusion_logintowizard_RC7261 TT# 21C01642 (IP=130,US) 45.79.163.157 32 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None UDS-ColdFusion_logintowizard_RC7261 TT# 21C01647 (IP=157,US) 45.79.163.204 32 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt - 6hr Web Attack (IP=204,US) 45.79.163.98 32 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None SERVER-WEBAPP Cisco ASA cross site scripting attempt - 6hr Web Attack (IP=98,US) 45.79.170.59 32 ZH None 2021-07-24 00:00:00 2021-10-22 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - 6hr Web Attacks (IP=59,US) 45.79.171.160 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malware Activity 45.79.171.202 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None Multiple IP Block/HTTP: Apache Struts ConversionErrorInterceptor OGNL Script 
Injection - TT# 21C01731 (IP=202,US) 45.79.171.239 32 RT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None Multiple IP Block/HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01731 (IP=239,US) 45.79.171.27 32 RW None 2021-09-01 00:00:00 2021-11-30 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C01718 (IP=27,US) 45.79.172.5 32 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=5,US) 45.79.173.247 32 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None SERVER-WEBAPP Cisco ASA cross site scripting attempt (1:57857:1) - SourceFire Report (IP=247,US) 45.79.173.251 32 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None UDS-ColdFusion_logintowizard_RC7261 TT# 21C01648 (IP=251,US) 45.79.177.160 32 BMP None 2021-06-04 00:00:00 2021-09-02 00:00:00 None HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=160,US) 45.79.177.230 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malware Activity 45.79.177.44 32 BMP None 2021-08-23 00:00:00 2021-11-21 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt - 6hr Web Attacks (IP=44,US) 45.79.181.97 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 45.79.182.113 32 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=113,US) 45.79.185.172 32 AR None 2021-08-28 00:00:00 2021-11-26 00:00:00 None UDS-ColdFusion_logintowizard_RC7261 TT# 21C01637 (IP=172,US) 45.79.185.211 32 ZH None 2021-08-29 00:00:00 2021-11-27 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C01664 (IP=211,US) 45.79.185.212 32 ZH None 2021-08-29 00:00:00 2021-11-27 00:00:00 None UDS-ColdFusion_logintowizard_RC7261 - TT# 21C01657 (IP=212,US) 45.79.185.22 32 ZH None 2021-08-28 00:00:00 2021-11-26 00:00:00 
None UDS-ColdFusion_logintowizard_RC7261 TT# 21C01630 (IP=22,US) 45.79.185.88 32 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None UDS-ColdFusion_logintowizard_RC7261 TT# 21C016451 (IP=88,US) 45.79.187.193 32 BMP None 2021-02-02 00:00:00 2021-05-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=193,US) 45.79.189.15 32 GM None 2020-11-20 00:00:00 2021-02-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=15,US) 45.79.189.173 32 BMP None 2021-02-02 00:00:00 2021-05-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=173,US) 45.79.19.34 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 45.79.190.199 32 DT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None SQL injection - Web Attacks (IP=199,US) 45.79.190.229 32 DT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None SQL injection - Web Attacks (IP=229,US) 45.79.190.238 32 DT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None SQL injection - Web Attacks (IP=238,US) 45.79.190.253 32 DT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None SQL injection - Web Attacks (IP=253,US) 45.79.194.96 32 KD None 2021-07-13 00:00:00 2021-10-11 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt- Web Attacks (IP=96,US) 45.79.216.227 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Email Activity 45.79.219.198 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=198,US) 45.79.228.135 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=135,US) 45.79.249.93 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=93,US) 45.79.26.207 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 45.79.29.24 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware 
Activity 45.79.37.197 32 ZH None 2021-06-01 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=197,US) 45.79.51.51 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 45.79.75.81 32 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=81,US) 45.79.76.236 32 RW None 2020-12-27 00:00:00 2021-08-25 00:00:00 None FTP Login Failed - 6 hr failed logons (IP=32,US) | updated by RT Block was inactive. Reactivated on 20210527 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=236,US) 45.79.77.161 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malware Activity 45.79.77.20 32 NAB None 2021-05-11 00:00:00 2021-11-11 00:00:00 None HIVE Case #NA FP Security (IP=20,US) 45.79.77.87 32 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=87,US) 45.79.80.153 32 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=153,US) 45.79.82.183 32 RR None 2018-03-27 05:00:00 2021-08-16 00:00:00 None ET POLICY Suspicious inbound to PostgreSQL port 5432 (IP=183,US) | updated by RR Block was inactive. Reactivated on 20200410 with reason TCP: SYN Host Sweep- ARCSight Sauron (IP=183,US) | updated by CR Block was inactive. 
Reactivated on 20210518 with 45.8.102.13 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GB TO-S-2020-0331 Malicious Web Application Activity 45.80.104.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity 45.80.149.192 24 EE None 2021-01-10 00:00:00 2021-04-10 00:00:00 None HTTP: Firefuzzer SQL Injection Scanning II - 6 HR Web Attack (IP=192,RO) 45.81.16.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IR TO-S-2020-0298 Malicious Email Activity 45.81.233.87 32 wmp None 2021-05-10 00:00:00 2021-08-10 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=87,DE) 45.81.235.167 32 wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=167,DE) 45.82.166.72 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=72,US) 45.82.179.28 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 45.82.88.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BA TO-S-2020-0331 Malicious Web Application Activity 45.83.64.110 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=110,DE) 45.83.64.131 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=131,DE) 45.83.64.197 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=197,DE) 45.83.64.215 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=215,DE) 45.83.64.254 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=254,DE) 45.83.64.56 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.83.65.217 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance 
Activity 45.83.65.221 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=221,DE) 45.83.65.249 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=249,DE) 45.83.65.26 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.83.65.39 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=39,DE) 45.83.65.60 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.83.66.115 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.83.66.137 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=137,DE) 45.83.66.186 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.83.66.187 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.83.66.198 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.83.66.252 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.83.66.50 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.83.66.88 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.83.66.97 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.83.67.142 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.83.67.225 32 dbc None 
2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.83.67.81 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None Malicious Activity - TT# 21C01336 (IP=81,DE) 45.83.90.148 24 BMP None 2021-02-11 00:00:00 2021-05-11 00:00:00 None SQL injection - 6 HR Web Attacks (IP=148,FR) 45.84.0.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,MD) 45.84.0.127 32 NAB None 2021-05-11 00:00:00 2021-11-11 00:00:00 None HIVE Case #5422 DARKSIDE Ransomware (IP=127,MD) 45.84.204.115 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None LT Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 45.85.216.124 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malware Activity 45.85.90.185 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=185,SG) 45.85.90.252 24 RW None 2021-04-17 00:00:00 2021-07-17 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=252,NL) 45.85.90.96 32 BMP None 2021-02-28 00:00:00 2021-05-28 00:00:00 None Unauthorized Access-Probe - TT# 21C00533 (IP=96,NL) 45.86.203.56 24 SW None 2021-06-28 00:00:00 2021-09-26 00:00:00 None SQL injection - Web Attacks (IP=56,NL) 45.86.70.31 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=31,US) 45.88.105.142 32 wmp None 2020-09-03 00:00:00 2021-10-21 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=142,US) | updated by dbc Block expiration extended with reason NL TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 45.88.13.0 24 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None HK TO-S-2020-0750 Malicious Email Activity 45.88.3.65 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 45.88.52.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 
Malicious Reconnaissance Activity 45.88.72.9 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=9,IL) 45.89.106.108 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malware Activity 45.89.124.118 32 wmp None 2021-04-16 00:00:00 2021-07-16 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=118,DE) 45.89.124.122 32 wmp None 2021-02-11 00:00:00 2021-05-11 00:00:00 None Firepower Suspicious Scan Activity (IP=122,GB) 45.89.137.67 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=67,IR) 45.89.173.197 32 RW None 2020-10-21 00:00:00 2021-01-21 00:00:00 None SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt - Sourcefire (IP=197,US) 45.89.191.16 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malicious Email Activity 45.89.26.246 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=246,US) 45.9.251.182 24 BMP None 2021-02-16 00:00:00 2021-05-15 00:00:00 None SERVER-WEBAPP Cisco Ultra Services Framework command injection attempt - 6hr Web Attacks (IP=182,IT) 45.9.253.0 24 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None IR TO-S-2020-0805 Malware Activity 45.9.44.0 22 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,GE) 45.90.160.107 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-WEBAPP Wireless IP Camera WIFICAM information leak attempt - 6HR Web Attack (IP=107,BE) 45.90.216.113 24 FT None 2021-01-29 00:00:00 2021-04-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=113,RU) 45.90.222.235 24 RR None 2021-07-16 00:00:00 2021-10-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (IP=235,GB) 45.90.222.235 32 RT None 2021-07-14 00:00:00 2021-10-12 
00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire Report (IP=235,US) 45.90.72.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 45.91.101.18 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00655 (IP=18,DE) 45.91.21.13 24 SW None 2021-07-09 00:00:00 2021-10-07 00:00:00 None SQL injection - Web Attacks (IP=13,NL) 45.91.225.234 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None KR TO-S-2021-1007 Malicious Email Activity 45.92.228.29 24 WR None 2021-05-24 00:00:00 2021-08-22 00:00:00 None Self Report / ColdFusion (1) - TT# 21C01202 (IP=29,NO) 45.92.228.37 32 RB None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Self Report / ColdFusion Error - TT# 21C01180 (IP=37,NO) 45.92.33.2 24 EE None 2021-01-09 00:00:00 2021-04-09 00:00:00 None SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt (1:49796:1) - SourceFire (IP=2,GR) 45.92.9.74 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity 45.93.16.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HK TO-S-2020-0331 Malicious Web Application Activity 45.93.201.109 32 wmp None 2021-02-12 00:00:00 2021-05-12 00:00:00 None ArcSight High Attacker (IP=109,RU) 45.93.201.121 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None ArcSight ESM High Attacker (IP=121,RU) 45.93.201.175 32 wmp None 2021-06-10 00:00:00 2021-09-10 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=175,RU) 45.93.248.113 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None DE TO-S-2020-0493 Malware Activity 45.94.157.0 24 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None GB TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 45.94.158.0 24 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=0,UA) 45.94.213.0 24 dbc None 2020-10-29 00:00:00 
2021-10-29 00:00:00 None IR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.95.147.6 24 DT None 2021-08-26 00:00:00 2021-11-24 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - IR# 21C01615 45.95.168.105 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None HR TO-S-2020-0805 Malicious Email Activity 45.95.168.106 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None HR TO-S-2020-0369 Malicious Email Activity 45.95.168.116 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.95.168.120 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 45.95.168.156 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None HR TO-S-2020-0228 Malicious Email Activity 45.95.168.70 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 45.95.169.210 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepwer Suspicious Scan Activity (IP=210,HR) 45.95.171.154 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HR TO-S-2020-0331 Malicious Email Activity 45.95.171.88 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HR TO-S-2020-0331 Malicious Email Activity 45.95.228.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None OM Hive Case 4237 TO-S-2021-0910 Malware Activity 45.95.235.99 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=99,RU) 4556-f0b6d625107of03441c2cf7c5e1ac77e.webflow.io --- TLM None 2021-06-15 00:00:00 2021-09-13 00:00:00 2023-01-19 22:57:28 HIVE Case #5605 TO-S-2021-1338 46.1.1.100 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 46.1.131.143 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 46.1.14.38 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR 
TO-S-2020-0303 Malicious Email Activity 46.1.184.149 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 46.1.190.198 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 46.1.9.31 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 46.101.120.173 32 NAB None 2020-11-09 00:00:00 2021-11-19 00:00:00 None HIVE Case #4283 COLS-NA-TIP-20-0346 (IP=173,DE) | updated by dbc Block expiration extended with reason DE TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 46.101.126.61 32 NAB None 2020-10-30 00:00:00 2021-11-19 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=61,DE) | updated by dbc Block expiration extended with reason DE TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 46.101.13.216 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability TT# 21C00960 (IP=216,GB) 46.101.159.120 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity 46.101.182.14 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=14,DE) 46.101.184.105 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 46.101.50.159 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts2 Remote Command Execution Vulnerability TT# 21C00961 (IP=159,GB) 46.101.84.165 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity 46.102.152.102 24 EE None 2021-09-20 00:00:00 2021-12-19 00:00:00 None HIVE Case #6205 IOC_Solarmarker (IP=102,CH) 46.105.121.86 32 NAB None 2021-02-16 00:00:00 2021-10-17 00:00:00 None HIVE Case #NA FP Security (IP=86,FR) | updated by NAB Block was inactive. 
Reactivated on 20210719 with reason HIVE Case #NA FP Security (IP=86,FR) HIVE Case #NA FP Security (IP=86,FR) 46.105.121.86 32 NAB None 2021-07-19 00:00:00 2021-10-17 00:00:00 None HIVE Case #NA FP Security (IP=86,FR) | updated by NAB Block was inactive. Reactivated on 20210719 with reason HIVE Case #NA FP Security (IP=86,FR) HIVE Case #NA FP Security (IP=86,FR) 46.105.46.162 24 RR None 2020-12-07 00:00:00 2021-03-07 00:00:00 None SSH2 Failed Login Attempt - Failed Logons (IP=162,FR) 46.117.179.203 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None IL TO-S-2020-0805 Malicious activity 46.117.248.245 24 AR None 2021-08-23 00:00:00 2021-11-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logins (IP=245,IL) 46.121.22.11 24 RW None 2021-05-14 00:00:00 2021-08-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=11,IL) 46.126.81.186 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None CH TO-S-2020-0228 Malicious Email Activity 46.136.183.179 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity 46.137.172.5 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 46.137.254.88 24 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=88,SG) 46.141.113.53 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IT TO-S-2020-0535 Malware Activity 46.147.125.86 24 BMP None 2021-04-11 00:00:00 2021-07-10 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=86,RU) 46.150.0.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 46.150.94.186 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity 46.153.128.0 20 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,SA) 46.153.47.221 32 dbc None 2020-05-21 00:00:00 
2021-05-21 00:00:00 None SA TO-S-2020-0535 Malware Activity 46.159.171.183 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None RU TO-S-2020-0838 Malware Activity 46.161.226.30 24 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=30,SY) 46.163.168.26 24 WR None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - SourceFire (IP=26,RU) 46.164.198.48 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None RU TO-S-2020-0750 Malicious Email Activity 46.165.246.167 32 NAB None 2021-01-22 00:00:00 2021-04-22 00:00:00 None HIVE Case #NA FP Security (IP=167,DE) 46.166.128.144 32 NAB None 2021-05-11 00:00:00 2021-11-11 00:00:00 None HIVE Case #5422 DARKSIDE Ransomware (IP=144,NL) 46.166.128.159 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None NL TO-S-2020-0315 Malware Activity 46.166.128.224 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None NL TO-S-2020-0315 Malware Activity 46.166.129.213 24 FT None 2021-03-01 00:00:00 2021-06-01 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00538 (IP=213,NL) 46.166.129.235 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 46.166.129.241 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None NL TO-S-2020-0315 Malware Activity 46.166.139.111 24 RB None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - 6hr web attacks (IP=111,NL) 46.166.160.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,LT) 46.166.176.138 24 CR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=138,NL) 46.166.179.209 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 46.166.182.70 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None ArcSight ESM High Attacker 
Suspicious Scan Activity (IP=70,NL) 46.17.107.154 32 wmp None 2020-08-20 00:00:00 2021-09-17 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=154,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0805 Malicious Email Activity 46.17.7.175 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=175,NL) 46.170.248.138 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PL Hive Case 4237 TO-S-2021-0910 Malware Activity 46.170.92.188 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 46.172.234.208 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AD TO-S-2020-0331 Malicious Web Application Activity 46.174.22.23 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=23,CZ) 46.174.239.98 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity 46.176.104.158 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GR TO-S-2020-0298 Malicious Email Activity 46.177.59.219 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GR TO-S-2020-0303 Malicious Email Activity 46.182.21.248 24 RB None 2021-05-01 00:00:00 2021-08-13 00:00:00 None WordPress Slider Revolution Plugin Local File Inclusion - FireEye IPS Events (IP=248,DE) | updated by RB Block expiration extended with reason SQL injection - 6hr web attacks (IP=248,DE) 46.182.7.90 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 46.182.80.0 21 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None UA TO-S-2021-1007 Unknown Malicious Activity 46.183.10.79 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None GB Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 46.184.61.0 24 
dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 46.185.199.38 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None JO TO-S-2020-0535 Malware Activity 46.186.224.0 19 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None KW TO-S-2020-0838 Malware Activity 46.19.141.86 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=86,CH) 46.19.38.63 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=63,NL) 46.19.40.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KZ TO-S-2020-0298 Malicious Email Activity 46.191.138.168 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=168,RU) 46.193.6.95 24 FT None 2021-04-10 00:00:00 2021-07-09 00:00:00 None SQL union select - possible sql injection attempt - GET parameter (1:13990:26) - SourceFire (IP=95,FR) 46.198.204.16 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GR TO-S-2020-0331 Malicious Web Application Activity 46.2.226.222 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 46.20.146.37 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 46.201.112.50 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=50,UA) 46.21.192.21 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None ES TO-S-2020-0503 Malicious Email Activity 46.21.209.83 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 46.21.68.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 46.212.101.194 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower 
Suspicious Scan Activity (IP=194,NO) 46.22.112.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,SE) 46.221.47.194 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 46.229.174.40 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 46.229.177.183 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 46.23.184.111 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=111,RU) 46.231.57.70 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 46.232.251.191 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00693 (IP=191,DE) 46.233.245.167 24 RR None 2021-04-01 00:00:00 2021-07-01 00:00:00 None FTP Login Failed (IP=167,RU) 46.236.86.115 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=115,SE) 46.243.179.115 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=115,NL) 46.243.254.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None RU TO-S-2020-0315 Malware Activity 46.246.164.126 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GR TO-S-2020-0298 Malicious Email Activity 46.246.164.213 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GR TO-S-2020-0331 Malicious Web Application Activity 46.246.3.253 32 RW None 2020-10-11 00:00:00 2021-01-11 00:00:00 None Known Attack Tool User Agent V2 / UDS-OpenVAS_RC8766 - TT# 21C00097 (IP=253,SE) 46.246.38.34 24 AR None 2021-09-18 00:00:00 2021-12-21 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT#21C01882 (IP=34,SE) 46.248.182.185 32 jkc None 
TO-S-2021-1321 (IP=21,PH) 49.144.206.193 24 RR None 2021-06-05 00:00:00 2021-09-03 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=193,PH) 49.145.105.188 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 49.145.105.191 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PH Hive Case 4237 TO-S-2021-0910 Malware Activity 49.145.172.13 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=13,PH) 49.145.199.81 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=81,PH) 49.145.5.220 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PH Hive Case 4237 TO-S-2021-0910 Malware Activity 49.147.84.3 24 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=3,PH) 49.148.206.173 24 SW None 2021-07-31 00:00:00 2021-10-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=173, PH) 49.148.249.108 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None PH TO-S-2021-1007 Unknown Malicious Activity 49.149.103.20 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None PH TO-S-2021-1007 Malware Activity 49.149.104.109 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PH TO-S-2020-0331 Malware Activity 49.149.107.185 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None PH TO-S-2020-0601 Malicious Reconnaissance Activity 49.149.110.240 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=240,PH) 49.149.71.45 24 BMP None 2021-01-08 00:00:00 2021-04-08 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=45,PH) 49.149.98.7 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PH Hive Case 4237 TO-S-2021-0910 Malware Activity 49.15.88.243 24 RW None 2020-12-05 00:00:00 2021-03-05 00:00:00 None SERVER-WEBAPP 
Fortigate SSL VPN cross site scripting attempt - 6hr Failed Logon (IP=243,IN) 49.150.102.146 24 RR None 2021-05-05 00:00:00 2021-08-03 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=146,PH) 49.156.154.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None IN TO-S-2020-0315 Malicious Web Application Activity 49.156.32.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KH TO-S-2020-0298 Malicious Email Activity 49.157.54.38 24 BB None 2021-07-05 00:00:00 2021-10-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=38,PH) 49.158.200.43 24 RT None 2021-07-14 00:00:00 2021-10-12 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attack (IP=43,TW) 49.172.105.220 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 49.204.226.157 24 RW None 2021-02-03 00:00:00 2021-05-03 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM Configuration Wizard access detected - Sourcefire (IP=157,IN) 49.204.229.168 24 ZH None 2021-07-20 00:00:00 2021-10-18 00:00:00 None POLICY-OTHER Adobe ColdFusion component browser access attempt (1:25977:3) - Sourcefire Rpt (IP=168,IN) 49.204.230.142 24 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SQL injection - Web Attacks (IP=142,IN) 49.205.248.76 24 KH None 2021-07-12 00:00:00 2021-10-10 00:00:00 None SQL injection - 6 hr Web Attacks (IP=76,IN) 49.205.253.79 24 RR None 2021-03-22 00:00:00 2021-06-20 00:00:00 None SQL injection - Web Attacks (IP=79,IN) 49.206.41.56 24 EE None 2021-02-07 00:00:00 2021-05-08 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 HR Failed Logons (IP=56,IN) 49.206.50.242 24 DT None 2021-09-06 00:00:00 2021-12-05 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=135,IN) 49.207.206.55 24 EE None 2021-01-20 00:00:00 2021-04-21 00:00:00 None Nuclei Vulnerability 
Scanner- CMS IP Events (IP=55,IN) 49.207.207.113 24 BMP None 2021-01-20 00:00:00 2021-04-21 00:00:00 None Scanning Activity - Shellshock, webserver Probing - FireEye (IP=113,IN) 49.207.211.61 24 RW None 2021-01-21 00:00:00 2021-04-21 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Sourcefire (IP=61,IN) 49.207.221.131 24 EE None 2021-01-20 00:00:00 2021-04-21 00:00:00 None Nuclei Vulnerability Scanner- CMS IP Events (IP=131,IN) 49.212.130.18 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=18,JP) 49.212.134.165 24 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=165,JP) 49.212.139.201 24 FT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=201,JP) 49.212.235.227 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=227,JP) 49.212.235.227 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=227,JP) 49.212.88.121 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None JP TO-S-2020-0750 Malicious Email Activity 49.228.48.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malware Activity 49.228.96.13 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=13,TH) 49.229.22.10 24 RW None 2021-04-23 00:00:00 2021-07-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=10,TH) 49.230.60.0 22 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None TH TO-S-2021-1007 Malware Activity 49.231.239.210 24 DT None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=210,TH) 49.232.130.129 24 RR None 2020-07-11 00:00:00 2021-08-30 00:00:00 None HTTP: ThinkPHP CMS Getshell 
Vulnerability - Web Attack (IP=129,CN) | updated by RW Block was inactive. Reactivated on 20210601 with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=129,CN) 49.232.137.106 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=106,CN) 49.232.141.222 24 EE None 2020-12-07 00:00:00 2021-03-07 00:00:00 None HTTP: SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=222,CN) 49.232.145.205 24 EE None 2020-11-20 00:00:00 2021-02-20 00:00:00 None HTTP: Blind SQL Injection - Timing - Web Attacks (IP=205,CN) 49.232.147.220 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=220,CN) 49.232.165.159 24 BMP None 2020-10-30 00:00:00 2021-01-30 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=159,CN) 49.232.17.254 24 FT None 2020-12-10 00:00:00 2021-03-10 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=254,CN) 49.232.170.162 24 UA None 2021-05-27 00:00:00 2021-08-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=162,CN) 49.232.173.112 24 BMP None 2021-03-07 00:00:00 2021-06-21 00:00:00 None ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire (IP=112,CN) | updated by RR Block expiration extended with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=112,CN) 49.232.200.171 24 RR None 2020-12-01 00:00:00 2021-03-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=171,CN) 49.232.203.102 24 FT None 2020-11-04 00:00:00 2021-02-04 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=102,CN) 49.232.208.126 24 RR None 2020-12-18 00:00:00 2021-03-18 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 
command injection attempt - SourceFire (IP=126,CN) 49.232.211.19 24 RW None 2021-09-20 00:00:00 2021-12-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=19,CN) 49.232.27.19 24 RR None 2020-08-17 00:00:00 2021-09-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire D13 (IP=19,CN) | updated by ZH Block was inactive. Reactivated on 20210626 with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=19,CN 49.232.40.196 32 DT None 2020-10-16 00:00:00 2021-01-16 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00135 (IP=196,CN) 49.232.42.224 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=224,CN) 49.232.55.209 24 EE None 2021-04-12 00:00:00 2021-07-11 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=209,CN) 49.232.56.143 24 FT None 2021-04-16 00:00:00 2021-07-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=143,CN) 49.232.63.241 24 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=241,CN) 49.232.70.206 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=206,CN) 49.232.84.204 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=204,CN) 49.232.89.155 24 RR None 2020-11-25 00:00:00 2021-02-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (IP=155,CN) 49.232.93.168 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=168,CN) 49.233.117.194 24 BMP None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt 
(1:48837:6) - SourceFire (IP=194,CN) 49.233.119.72 24 RR None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=72,CN) 49.233.148.122 24 FT None 2020-10-18 00:00:00 2021-01-18 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=122,CN) 49.233.162.222 24 BMP None 2020-10-19 00:00:00 2021-01-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=222,CN) | updated by RR Block expiration extended with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=222,CN) 49.233.173.111 24 RR None 2020-10-28 00:00:00 2021-01-26 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=111,CN) 49.233.178.247 24 EE None 2020-11-27 00:00:00 2021-02-27 00:00:00 None HTTP: SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=247,CN) 49.233.209.205 24 GM None 2021-03-09 00:00:00 2021-11-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=205,CN) | updated by DT Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=205,CN) | updated by KD Block was inactive. 
Reactivated on 20210831 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- TT# 21C01707(IP=205,CN) 49.233.3.209 24 RR None 2020-12-23 00:00:00 2021-03-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=209,CN) 49.233.56.16 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=16,CN) 49.233.7.113 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=113,CN) 49.233.7.113 24 BMP None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=113,CN) 49.233.88.185 24 FT None 2020-10-17 00:00:00 2021-01-17 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=185,CN) 49.234.12.63 24 RR None 2020-12-22 00:00:00 2021-03-22 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=63,CN) 49.234.124.196 24 RB None 2020-11-25 00:00:00 2021-02-25 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=196,CN) 49.234.13.129 24 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=129,CN) 49.234.145.59 24 EE None 2020-12-26 00:00:00 2021-03-26 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6 HR Web Attack (IP=59,CN) 49.234.15.91 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=91,CN) 49.234.214.72 24 RR None 2020-12-04 00:00:00 2021-03-04 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=72,CN) 49.234.217.71 24 RB None 2020-11-18 00:00:00 2021-02-16 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=71,CN) 49.234.218.225 24 BMP None 2021-06-16 00:00:00 2021-09-14 00:00:00 None HTTP: ThinkPHP CMS 
Getshell Vulnerability - 6hr Web Attacks (IP=225,CN) 49.234.223.177 24 RW None 2020-12-11 00:00:00 2021-03-11 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=177,CN) 49.234.226.38 24 RR None 2021-01-19 00:00:00 2021-04-19 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt Web Attacks (IP=38,CN) 49.234.26.99 24 RW None 2021-01-26 00:00:00 2021-04-26 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=99,CN) 49.234.47.214 24 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=214,CN) 49.234.48.25 32 wmp None 2021-02-11 00:00:00 2021-05-11 00:00:00 None Firepower Suspicious Scan Activity (IP=25,CN) 49.234.51.104 24 RB None 2020-11-11 00:00:00 2021-02-09 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=104,CN) 49.234.7.37 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=37,CN) 49.234.98.131 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Sourcefire (IP=131,CN) 49.235.156.160 32 DT None 2020-10-05 00:00:00 2021-01-05 00:00:00 None HTTP: Apache Struts 2 Remote Code Execution (CVE-2017-5638) - TT # 21C00041 (IP=160,CN) 49.235.24.207 24 BMP None 2020-10-30 00:00:00 2021-01-30 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=207,CN) 49.235.27.102 24 DT None 2021-01-18 00:00:00 2021-04-18 00:00:00 None FTP Login Failed - 6hr failed logons (IP=102,CN) 49.235.41.195 24 FT None 2020-10-14 00:00:00 2021-01-12 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Web Attacks (IP=195,CN) 49.235.41.195 32 GM None 2020-10-14 00:00:00 2021-01-14 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT 21C00121 (IP=195,CN) 
49.235.47.66 24 RB None 2021-05-10 00:00:00 2021-08-08 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - Sourcefire (IP=66,CN) 49.235.47.66 32 RW None 2020-06-24 00:00:00 2021-08-10 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 20C03274 (IP=66,CN) | updated by wmp Block was inactive. Reactivated on 20210510 with reason ArcSight ESM High Attacker Suspicious Scan Activity (IP=66,CN) 49.235.68.183 24 BMP None 2020-10-01 00:00:00 2021-01-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=183,CN) 49.235.70.38 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=38,CN) 49.235.87.70 24 BMP None 2021-06-02 00:00:00 2021-08-31 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire (IP=70,CN) 49.247.200.176 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None KR TO-S-2020-0315 Malicious Web Application Activity 49.248.165.18 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity 49.248.249.0 24 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None IN TO-S-2021-0989 Hive Case # 4493 Malware Activity 49.248.250.0 24 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 49.248.32.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 49.249.236.82 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IN TO-S-2020-0535 Malicious Email Activity 49.249.246.146 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity 49.36.113.70 24 EE None 2020-12-15 00:00:00 2021-03-15 00:00:00 None SERVER-WEBAPP Atlassian Jira makeRequest server - 6 Hr Web Attacks (IP=70,IN) 49.36.129.134 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - 
Web Attacks (IP=134,IN) 49.36.167.218 24 EE None 2021-03-22 00:00:00 2021-06-20 00:00:00 None FTP Login Failed - Failed Logon (IP=218,IN) 49.36.171.235 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=235,IN) 49.36.176.125 24 KH None 2021-08-30 00:00:00 2021-11-28 00:00:00 None SQL injection - 6hr Web Attacks (IP=125,IN) 49.36.19.142 24 RW None 2020-11-18 00:00:00 2021-02-18 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=142,IN) 49.36.47.224 24 ZH None 2021-05-26 00:00:00 2021-08-24 00:00:00 None HTTP SQL Injection Attempt - 6hr web attacks (IP=224,IN) | updated by ZH Block expiration extended with reason FIREEYE-Web-INFECTION-MATCH - Case FIREEYE-Web-INFECTION-MATCH - Case 49.36.47.224 24 ZH None 2021-05-26 00:00:00 2021-08-24 00:00:00 None FIREEYE-Web-INFECTION-MATCH - Case 5509 (IP=224,IN) 49.36.47.224 24 RB None 2021-05-14 00:00:00 2021-08-24 00:00:00 None HTTP SQL Injection Attempt - 6hr web attacks (IP=224,IN) | updated by ZH Block expiration extended with reason FIREEYE-Web-INFECTION-MATCH - Case FIREEYE-Web-INFECTION-MATCH - Case 49.36.66.88 24 BMP None 2021-02-20 00:00:00 2021-05-20 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=88,IN) 49.37.157.146 24 RT None 2021-07-07 00:00:00 2021-10-05 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6HR Failed Logons (IP=146,IN) 49.37.213.1 24 DT None 2021-08-26 00:00:00 2021-11-24 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=,IN) 49.37.213.228 24 RR None 2021-02-03 00:00:00 2021-05-04 00:00:00 None FTP Login Failed - Failed Logon (IP=228,IN) 49.37.37.23 24 RB None 2021-07-13 00:00:00 2021-10-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr failed logons (IP=23,IN) 49.4.4.156 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=156,CN) 49.4.70.162 24 RR None 2021-03-06 
00:00:00 2021-06-04 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=162,CN) 49.4.85.22 24 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - Web Attacks (IP=22,CN) 49.4.93.211 24 AR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=211,CN) 49.44.86.196 24 RW None 2020-10-02 00:00:00 2021-01-02 00:00:00 None Malicious IP - Hive Case 4037 (IP=196,IN) 49.49.185.32 24 SW None 2021-08-01 00:00:00 2021-10-30 00:00:00 None SSH: SSH Login Bruteforce Detected - Failed Logons (IP=32, TH) 49.50.166.76 24 RR None 2020-12-12 00:00:00 2021-03-12 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=76,KR) 49.50.236.0 24 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None MY TO-S-2021-1007 Malware Activity 49.50.250.67 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NZ TO-S-2020-0459 Malware Activity 49.51.10.125 32 SW None 2021-05-24 00:00:00 2021-08-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire Report (IP=125,US) 49.51.10.34 24 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (1:42785:4) (IP=34,CA) 49.51.10.34 24 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (1:42785:4) (IP=34,CA) 49.51.10.61 32 UA None 2021-05-18 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=61,US) 49.51.101.157 24 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=157,CA) 49.51.101.215 32 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None INDICATOR-SCAN DNS version.bind string 
information disclosure attempt (1:42785:4) - SourceFire (IP=215,US) 49.51.11.133 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=133,CA) 49.51.11.210 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=210,CA) 49.51.12.230 24 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=230,CA) 49.51.12.230 24 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=230,CA) 49.51.12.241 32 SW None 2021-05-19 00:00:00 2021-08-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=241,US) 49.51.134.254 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=254,DE) 49.51.150.122 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - SourceFire (IP=122,US) 49.51.153.23 24 RT None 2021-06-08 00:00:00 2021-09-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=23,DE) 49.51.155.120 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=120,US) 49.51.155.120 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Source Fire (IP=120,US) 49.51.155.205 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=205,US) 49.51.155.205 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string 
information disclosure attempt - Source Fire (IP=205,US) 49.51.159.98 24 RR None 2019-09-21 00:00:00 2021-09-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (IP=98,CN) | updated by BMP Block was inactive. Reactivated on 20210604 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - S 49.51.160.240 24 RT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=240,DE) 49.51.160.240 24 RT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=240,DE) INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=240,DE) 49.51.160.47 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=47,DE) 49.51.160.77 32 PS None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - SourceFire (1:42785:4) (IP=77,US) 49.51.160.91 24 BMP None 2021-05-29 00:00:00 2021-08-27 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=91,CN) 49.51.161.141 32 AR None 2021-06-22 00:00:00 2021-09-20 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=141,US) 49.51.161.145 32 SW None 2021-05-25 00:00:00 2021-08-24 00:00:00 None INDICATOR-SCAN DNS version.bind 49.51.161.186 32 BMP None 2021-06-24 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=186,US) 49.51.161.209 32 SW None 2021-05-26 00:00:00 2021-08-24 00:00:00 None INDICATOR-SCAN DNS version.bind 49.51.161.209 32 SW None 2021-05-26 00:00:00 2021-08-24 00:00:00 None INDICATOR-SCAN DNS version.bind 
string information disclosure attempt - SourceFire (IP=209,US) 49.51.161.95 24 DT None 2021-06-24 00:00:00 2021-09-22 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=95,DE) 49.51.162.151 24 RR None 2019-09-20 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=151,CN) | updated by CR Block was inactive. Reactivated on 20210513 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt - So 49.51.172.33 32 UA None 2021-05-18 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=33,US) 49.51.230.78 24 CR None 2019-10-14 00:00:00 2021-09-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=78,CN) | updated by RT Block was inactive. Reactivated on 20210608 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source 49.51.232.34 32 ZH None 2021-09-08 00:00:00 2021-12-07 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Rpt (IP=34,US) 49.51.232.64 32 DT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=64,US) 49.51.232.68 32 AR None 2021-07-06 00:00:00 2021-10-04 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=68,US) 49.51.232.87 32 GM None 2019-10-17 00:00:00 2021-08-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=87,US) | updated by BMP Block was inactive. 
Reactivated on 20210525 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - S 49.51.233.126 32 RT None 2021-07-14 00:00:00 2021-10-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=126,US) 49.51.233.130 32 DT None 2021-07-12 00:00:00 2021-10-10 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=130,US) 49.51.241.239 32 RW None 2021-06-25 00:00:00 2021-09-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=239,US) 49.51.241.57 24 KH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=57,HK) 49.51.242.151 32 DT None 2021-09-12 00:00:00 2021-12-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Source Fire (IP=151,US) 49.51.242.196 32 AR None 2021-06-30 00:00:00 2021-09-28 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=196,US) 49.51.243.157 32 BMP None 2021-07-19 00:00:00 2021-10-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=157,US) 49.51.243.251 32 RB None 2019-06-15 00:00:00 2021-09-02 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt_Sourcefire (IP=251,US) | updated by AR Block was inactive. 
4237 TO-S-2021-0910 Malicious Email Activity 5.79.68.107 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=107,NL) 5.79.70.250 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None NL TO-S-2021-0876 Hive Case 4166 Malware Activity 5.79.79.210 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None NL TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 5.8.47.58 24 EE None 2021-03-14 00:00:00 2021-06-12 00:00:00 None Malicious IP - Hive Case 5060 (IP=58,NL) 5.83.160.130 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None DE TO-S-2020-0369 Malicious Email Activity 5.83.162.115 24 RW None 2020-10-18 00:00:00 2021-01-18 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=115,DE) 5.83.162.32 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None DE TO-S-2021-1007 Malware Activity 5.83.163.69 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 5.9.106.180 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=180,DE) 5.9.114.25 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 5.9.122.50 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None DE TO-S-2020-0750 Malicious Email Activity 5.9.154.17 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None DE TO-S-2020-0228 Malicious Web Application Activity 5.9.196.81 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 5.9.20.142 24 RW None 2021-05-09 00:00:00 2021-08-09 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=142,DE) 5.9.58.51 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None DE TO-S-2020-0805 Malware Activity 5.97.253.98 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 5.97.96.241 
24 DT None 2021-09-11 00:00:00 2021-12-10 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=241,IT) 50.110.164.105 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=105,US) 50.115.168.122 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 50.115.41.244 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=244,US) 50.116.112.104 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 50.116.112.41 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=41,US) 50.116.112.42 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 50.116.113.64 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=64,US) 50.116.36.74 32 RW None 2021-04-09 00:00:00 2021-07-09 00:00:00 None Adobe ColdFusion Administrator Access Restriction - web attacks (IP=74,US) 50.116.48.121 32 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None UDS-ColdFusion_logintowizard_RC7261 TT# 21C01639 (IP=121,US) 50.116.48.155 32 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt - 6hr Web Attack (IP=155,US) 50.116.48.182 32 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C01665 (IP=182,US) 50.116.48.214 32 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt - 6hr Web Attack (IP=214,US) 50.116.48.26 32 ZH None 2021-08-28 00:00:00 2021-11-26 00:00:00 None UDS-ColdFusion_logintowizard_RC7261 TT# 21C01631 (IP=26,US) 50.116.54.30 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity 50.116.54.68 32 AR None 2021-08-23 00:00:00 
2021-11-21 00:00:00 None SERVER-WEBAPP Fortigate SSL VPN cross site scripting attempt (1:51466:1) - SourceFire Report (IP=68,US) 50.116.59.146 32 BMP None 2021-08-23 00:00:00 2021-11-21 00:00:00 None SERVER-WEBAPP Cisco ASA cross site scripting attempt - 6hr Web Attacks (IP=146,US) 50.116.59.218 32 BMP None 2021-08-23 00:00:00 2021-11-21 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt - 6hr Web Attacks (IP=218,US) 50.116.60.118 32 BMP None 2021-08-23 00:00:00 2021-11-21 00:00:00 None HTTP SQL Injection Attempt - 6hr Web Attacks (IP=118,US) 50.116.60.84 32 BMP None 2021-08-23 00:00:00 2021-11-21 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt - 6hr Web Attacks (IP=84,US) 50.116.61.152 32 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9)- Source Fire (IP=152,US) 50.116.61.184 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=184,US) 50.116.63.138 32 BMP None 2021-08-23 00:00:00 2021-11-21 00:00:00 None SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt - 6hr Web Attacks (IP=138,US) 50.116.63.217 32 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SQL injection - HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Failed Logons (IP=217,US) 50.116.63.34 32 wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None Palo Alto Suspicious Scan Activity (IP=34,US) 50.116.71.87 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=87,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=87,US) 50.116.72.114 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 50.116.75.14 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=14,US) 50.116.78.109 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 
Hive Case 4166 Malware Activity 50.116.84.46 32 GED None 2020-12-04 00:00:00 2021-03-04 00:00:00 None HIVE Case #NA FP CIO Policy (IP=46,US) 50.116.86.18 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 50.116.86.34 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=34,US) 50.116.87.114 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 50.116.87.123 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity 50.116.87.149 32 wmp None 2020-09-22 00:00:00 2021-10-29 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=149,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 50.116.87.98 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 50.116.93.77 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malware Activity 50.116.95.134 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 50.117.117.122 32 CR None 2019-06-10 00:00:00 2021-04-23 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=122,US) | updated by dbc Block was inactive. 
Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 50.16.65.189 32 DT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Source Fire (IP=189,US) 50.17.65.187 32 RW None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=187,US) 50.18.103.180 32 WR None 2021-05-19 00:00:00 2021-08-17 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=180,US) 50.18.133.181 32 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=181,US) 50.193.234.33 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=33,US) 50.194.105.169 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=169,US) 50.197.169.29 32 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=29,US) 50.198.204.178 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=178,US) 50.198.217.249 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=249,US) 50.204.163.42 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=42,US) 50.206.204.146 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 50.209.239.185 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=185,US) 50.21.198.84 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=84,US) 50.210.54.70 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=70,US) 50.216.236.82 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=82,US) 50.22.208.143 32 dbc None 2020-05-07 
00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 50.22.35.194 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 50.22.50.142 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 50.230.206.11 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=11,US) 50.230.90.146 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=146,US) 50.230.90.170 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=170,US) 50.230.96.23 32 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=23,US) 50.231.28.86 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=86,US) 50.232.6.146 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=146,US) 50.234.157.99 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=99,US) 50.237.239.238 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=238,US) 50.238.73.2 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=2,US) 50.239.129.14 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=14,US) 50.250.24.174 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malware Activity 50.253.33.146 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 50.28.1.57 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 50.28.11.132 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 50.28.40.153 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None US HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity 50.28.51.143 32 dbc None 2020-10-21 00:00:00 
2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 50.28.56.78 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 50.28.9.129 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=129,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=129,US) 50.28.99.103 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 50.30.47.172 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 50.31.134.90 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 50.31.138.189 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 50.31.162.218 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 50.31.21.10 32 wmp None 2021-02-09 00:00:00 2021-05-09 00:00:00 None Imperva Suspicious Scan Activity (IP=10,US) 50.31.21.11 32 wmp None 2021-02-09 00:00:00 2021-05-09 00:00:00 None Imperva Suspicious Scan Activity (IP=11,US) 50.31.21.6 32 wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None Palo Alto Suspicious Scan Activity (IP=6,US) 50.31.21.7 32 wmp None 2021-05-11 00:00:00 2021-08-11 00:00:00 None Palo Alto Suspicious Scan Activity (IP=7,US) 50.31.6.130 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 50.31.65.6 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 50.39.170.40 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 50.47.107.50 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=50,US) 50.57.248.159 32 NAB None 2021-06-07 
00:00:00 2021-09-04 00:00:00 None HIVE Case #NA FP Security (IP=159,US) 50.62.133.202 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.138.58 32 wmp None 2020-08-25 00:00:00 2021-10-08 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=58,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=58,US) 50.62.141.181 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=181,US) 50.62.141.186 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=186,US) 50.62.160.103 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.160.111 32 RR None 2019-01-21 00:00:00 2021-04-23 00:00:00 None SQL 1 = 1 - possible sql injection attempt (IP=111,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 50.62.160.231 32 NAB None 2021-01-07 00:00:00 2021-04-07 00:00:00 None HIVE Case #NA FP Security (IP=231,US) 50.62.160.250 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 50.62.160.28 32 RR None 2018-06-19 05:00:00 2021-04-23 00:00:00 None HTTP: Blind SQL Injection - Timing (IP=28,US) | updated by RWB Block was inactive. Reactivated on 20191024 with reason FILE-IMAGE Microsoft Windows Paint JPEG with malformed SOFx field integer overflow attempt - sourcefire (IP=28,US) | updated by dbc 50.62.160.32 32 BLP None 2016-09-24 05:00:00 2021-12-17 00:00:00 None SQL union select - possible sql injection attempt - GET parameter | updated by TLM Block was inactive. 
Reactivated on 20210617 with reason HIVE Case #5644 TO-S-2021-1352 (IP=32,US) 50.62.160.33 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 50.62.160.37 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 50.62.160.93 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=93,US) 50.62.161.227 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.161.81 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.172.113 32 dbc None 2020-11-19 00:00:00 2021-05-21 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity | Unblocked - IP hosts over 3.8K sites 50.62.176.139 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.176.23 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.176.97 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.177.19 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.177.190 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.177.193 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 50.62.177.223 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.177.237 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.177.26 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.198.97 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 50.62.208.102 32 RB None 2019-09-15 00:00:00 2021-05-07 00:00:00 None Possible SQLi attempt - TT# 19C03248 
(IP=102,US) | updated by dbc Block was inactive. Reactivated on 20200507 with reason US TO-S-2020-0493 Malware Activity 50.62.208.143 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.208.148 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.208.158 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.208.170 32 RW None 2020-03-17 00:00:00 2021-05-07 00:00:00 None SQL HTTP URI blind injection attempt - Sourcefire (IP=170,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0493 Malware Activity 50.62.208.78 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.62.22.112 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=112,US) 50.62.235.1 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 50.62.26.129 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 50.62.49.1 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=1,US) 50.62.64.1 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 50.62.81.222 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=222,US) 50.62.88.87 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=87,US) 50.62.89.79 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=79,US) 50.63.12.204 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 50.63.14.194 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.63.162.9 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application 
Activity 50.63.165.203 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 50.63.202.69 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 50.63.7.2 32 TLM None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=2,US) 50.63.70.1 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 50.63.80.1 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 50.63.92.167 32 BMP None 2020-03-26 00:00:00 2021-10-08 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr Web Attacks (IP=167,US) | updated by wmp Block was inactive. Reactivated on 20200902 with reason HIVE Case #3725 COLS-NA-TIP-20-0277 (IP=167,US) | updated by dbc Block expiration extended with reason HIVE Case 50.7.218.2 32 wmp None 2021-04-14 00:00:00 2021-07-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=2,NL) 50.73.245.9 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.74.229.115 32 wmp None 2019-02-04 00:00:00 2021-04-23 00:00:00 None CMS Getshell Vulnerability (IP=115,US) | updated by dbc Block was inactive. 
Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 50.76.222.227 32 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=227,US) 50.78.158.173 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=173,US) 50.86.176.2 32 BMP None 2020-12-15 00:00:00 2021-03-15 00:00:00 None SQL 1 = 1 - possible sql injection attempt - 6hr Web Attacks (IP=2,US) 50.86.52.86 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=86,US) 50.87.111.194 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 50.87.114.150 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=150,US) 50.87.144.227 32 dbc None 2020-05-27 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559.01 Malicious Email Activity 50.87.144.227 32 dbc None 2020-05-22 00:00:00 2021-05-22 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity 50.87.145.130 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 50.87.145.146 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity 50.87.146.86 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 50.87.146.86 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 50.87.146.86 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 50.87.147.114 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=114,US) 50.87.150.131 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 50.87.153.10 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 
TO-S-2021-1338 50.87.153.121 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 50.87.176.218 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 50.87.176.218 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 50.87.2.120 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 50.87.230.23 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=23,US) 50.87.233.33 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=33,US) 50.87.248.173 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.87.248.248 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.87.249.26 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 50.87.249.53 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 50.87.253.14 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=14,US) 50.87.253.38 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 50.87.253.50 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=50,US) 50.87.29.104 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=104,US) 50.87.34.191 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=191,US) 50.87.44.232 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 50.93.195.11 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 50.93.31.178 32 dbc None 2020-04-23 
00:00:00 2021-04-23 00:00:00 None CA TO-S-2020-0459 Malware Activity 50.97.234.35 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malware Activity 51.103.82.26 32 RW None 2020-10-04 00:00:00 2021-01-04 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 21C00020 (IP=26,FR) 51.104.214.45 24 RR None 2021-09-17 00:00:00 2021-12-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01879 (IP=45,GB) 51.105.151.252 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=252,NL) 51.105.54.178 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=178,US) 51.11.245.122 24 RR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=122,FR) 51.11.246.68 24 RR None 2020-12-07 00:00:00 2021-03-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=68,GB) 51.116.100.1 32 RW None 2021-09-17 00:00:00 2021-12-16 00:00:00 None HTTP: PHP File Inclusion Vulnerability - IR# 21C01876 (IP=1,GB) 51.136.15.196 24 RR None 2021-08-31 00:00:00 2021-12-15 00:00:00 None SQL injection - Web Attacks (IP=196,NL) | updated by RW Block expiration extended with reason SQL injection - Web Attacks (IP=196,NL) 51.136.50.73 24 GM None 2020-11-20 00:00:00 2021-02-20 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=73,NL) 51.140.228.73 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=73,GB) 51.144.169.92 24 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - Sourcefire (IP=92,NL) 51.145.141.239 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=239,NL) 51.15.10.148 32 RT None 2021-09-01 00:00:00 
2021-11-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) TT# 21C01735 (IP=148,NL) 51.15.10.166 24 BMP None 2021-03-16 00:00:00 2021-06-14 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=166,NL) 51.15.103.21 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None NL TO-S-2020-0838 Malicious Email Activity 51.15.124.1 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00594 (IP=1,NL) 51.15.126.223 24 EE None 2021-03-12 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=223,NL) 51.15.129.225 24 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=225,FR) 51.15.13.43 24 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=43,NL) 51.15.138.119 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 51.15.15.191 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 51.15.163.28 32 wmp None 2021-05-06 00:00:00 2021-08-06 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=28,FR) 51.15.187.153 24 EE None 2021-04-12 00:00:00 2021-08-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=153,FR) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=153,FR) 51.15.189.102 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity 51.15.193.104 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity 51.15.200.62 24 ZH None 2021-09-08 00:00:00 2021-12-07 00:00:00 None SQL injection - 6hr Web Attacks (IP=62,FR) 51.15.21.167 32 dbc None 2020-10-29 00:00:00 
2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 51.15.219.222 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None FR TO-S-2020-0535 Malicious Email Activity 51.15.231.140 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=140,FR) 51.15.252.198 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None FR TO-S-2020-0315 Malicious Email Activity 51.15.27.138 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 51.15.46.5 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 51.15.48.187 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 51.15.48.187 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 51.15.54.32 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 51.15.62.92 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 51.15.7.134 24 KD None 2021-08-10 00:00:00 2021-11-08 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - SourceFire (IP=134,NL) 51.15.76.246 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=246,NL) 51.15.76.246 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=246,NL) 51.15.89.38 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=38,NL) 51.15.96.233 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 51.158.111.255 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None FR TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 51.158.119.4 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 
Malware Activity 51.158.123.250 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 51.158.124.52 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None FR TO-S-2020-0698 Malicious Web Application Activity 51.158.147.3 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None FR TO-S-2020-0535 Malware Activity 51.158.175.139 25 JKC None 2021-06-08 00:00:00 2021-06-08 00:00:00 None Malicious IP Hive Case 2977 TIPPER 20-0172 (ip=139, GB) 51.158.187.57 32 RW None 2020-10-21 00:00:00 2021-01-21 00:00:00 None HTTP: PHP File Inclusion Vulnerability - TT# 21C00173 (IP=57,NL) 51.158.24.19 32 RB None 2021-02-14 00:00:00 2021-05-15 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT # 21C00498 (IP=19,FR) 51.158.68.68 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 51.158.77.80 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None FR TO-S-2020-0750 Malicious Email Activity 51.159.0.138 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 51.159.23.217 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None FR TO-S-2021-0876 Hive Case 4166 Malware Activity 51.159.28.101 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None FR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 51.161.107.12 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CA TO-S-2020-0331 Malware Activity 51.161.11.232 24 EE HTTP: None 2021-03-19 00:00:00 2021-06-17 00:00:00 None PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=232,FR) 51.161.122.143 24 DT None 2021-03-14 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=143,CA) | updated by BMP Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=143,FR) 51.161.31.150 32 wmp None 2021-02-09 00:00:00 2021-05-09 00:00:00 None Firepower Suspicious Scan 
Activity (IP=150,CA) 51.161.43.235 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00616 (IP=235,CA) 51.161.86.123 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=123,CA) 51.178.206.167 24 BMP None 2020-10-15 00:00:00 2021-01-13 00:00:00 None MALWARE-CNC known malicious SSL certificate - Odinaff C&C - SourceFire (IP=167,IT) 51.178.41.176 24 EE None 2021-03-28 00:00:00 2021-10-11 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=176,FR) | updated by KD Block was inactive. Reactivated on 20210713 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- Web Attacks (IP=176,FR) 51.178.42.14 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None FR TO-S-2020-0750 Malicious Email Activity 51.178.47.149 24 EE None 2021-03-03 00:00:00 2021-06-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=149,FR) 51.178.9.212 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malware Activity 51.178.94.149 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None FR TO-S-2020-0698 Malicious Email Activity 51.195.111.108 32 GM None 2020-11-20 00:00:00 2021-02-20 00:00:00 None Unauthorized Access-Probe - TT # 21C00246 (IP=108,NL) 51.195.117.247 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None GB TO-S-2021-1007 Malicious Email Activity 51.195.136.158 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=158,FR) 51.195.166.164 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00576 (IP=164,GB) 51.195.167.73 24 GM None 2020-12-08 00:00:00 2021-03-08 00:00:00 None Masscan TCP Port Scanner - FireEye CMS (IP=73,GB) 51.195.170.12 32 wmp None 2020-09-16 00:00:00 2021-11-03 00:00:00 None HIVE Case #3909 
COLS-NA-TIP-20-0296 (IP=12,FR) | updated by dbc Block expiration extended with reason FR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 51.195.202.210 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=210,FR) 51.195.208.235 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=235,FR) 51.195.220.90 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=90,FR) 51.195.5.232 32 nab None 2021-01-21 00:00:00 2021-04-21 00:00:00 None HIVE Case #NA Potential Adware (IP=232,DE) 51.195.5.38 32 nab None 2021-01-21 00:00:00 2021-04-21 00:00:00 None HIVE Case #NA Potential Adware (IP=38,DE) 51.195.5.40 32 nab None 2021-01-21 00:00:00 2021-04-21 00:00:00 None HIVE Case #NA Potential Adware (IP=40,DE) 51.195.55.2 32 BMP None 2020-11-19 00:00:00 2021-02-19 00:00:00 None Unauthorized Access-Probe - TT# 21C00241 (IP=2,JP) 51.195.55.6 32 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT # 21C00262 (IP=6,NL) 51.195.70.167 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=167,FR) 51.195.77.9 32 BMP None 2020-12-13 00:00:00 2021-03-13 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00284 (IP=9,CA) 51.195.91.189 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=189,DE) 51.210.125.33 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=33,FR) 51.210.138.71 32 NAB None 2021-05-11 00:00:00 2021-11-11 00:00:00 None HIVE Case #5422 DARKSIDE Ransomware (IP=71,FR) 51.210.14.120 24 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=120,FR) 51.210.150.251 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None 
HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=251,FR) 51.210.3.158 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=158,FR) 51.210.43.26 24 EE None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack(IP=26,FR) 51.210.45.213 24 DT None 2021-03-03 00:00:00 2021-06-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=213,FR) 51.210.71.99 24 DT None 2021-09-12 00:00:00 2021-12-11 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=99,FR) 51.210.80.127 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00601 (IP=127,FR) 51.211.223.21 24 KD None 2021-05-28 00:00:00 2021-08-27 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) -Sourcefire (IP=21,SA) 51.211.69.24 24 ZH None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SQL injection - 6hr Web Attacks (IP=24,SA) 51.222.0.40 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None FR TO-S-2020-0592 Malicious Email Activity 51.222.117.13 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=13,FR) 51.222.137.154 24 CR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=154,FR) 51.222.139.65 24 DT None 2021-02-04 00:00:00 2021-05-04 00:00:00 None SSH2 Failed Login Attempt - 6hr Failed Logons (IP=65,CA) 51.222.25.14 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=14,CA) 51.222.26.54 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None FR TO-S-2020-0805 Malicious Email Activity 51.222.32.200 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None 
HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=200,CA) 51.222.43.131 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CA Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 51.222.85.62 24 GM None 2021-03-04 00:00:00 2021-06-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=62,CA) 51.222.88.248 32 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 21C01347 (IP=248,CA) 51.235.64.0 19 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None SA Hive Case 4237 TO-S-2021-0910 Malware Activity 51.254.202.4 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=4,FR) 51.254.220.139 24 RW None 2021-04-18 00:00:00 2021-07-18 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web attacks (IP=139,FR) 51.254.241.158 24 EE None 2021-06-29 00:00:00 2021-09-27 00:00:00 None HIVE Case #5669 IOC_ Nobelium (IP=158,FR) 51.254.27.232 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=232,FR) 51.254.75.185 24 CR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None Masscan TCP Port Scanner - IPS Events (IP=185,FR 51.38.107.237 32 NAB None 2020-11-13 00:00:00 2021-02-11 00:00:00 None HIVE Case #4305 COLS-NA-TIP-20-0351 (IP=237,DE) 51.38.40.95 24 RR None 2021-05-24 00:00:00 2021-08-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - Web Attack (IP=95,FR) | updated by RR Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=95,FR) HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks ( 51.38.40.95 24 CR None 2021-05-13 00:00:00 2021-08-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - Web Attack (IP=95,FR) | updated by RR Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=95,FR) 
HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks ( 51.38.58.203 24 AR None 2021-08-13 00:00:00 2021-11-11 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire Report (IP=203,FR) 51.38.64.136 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00612 (IP=136,US) 51.38.85.225 24 EE None 2021-06-29 00:00:00 2021-09-27 00:00:00 None HIVE Case #5669 IOC_ Nobelium (IP=225,GB) 51.39.224.0 21 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 51.68.11.211 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 51.68.119.230 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None FR TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 51.68.119.89 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None FR TO-S-2020-0303 Malware Activity 51.68.120.183 32 BMP None 2020-03-05 00:00:00 2021-10-29 00:00:00 None Known Attack Tool User Agent / HTTP: Masscan Scanner Traffic Detected - TT# 20C02007 (IP=183,FR) | updated by dbc Block was inactive. 
Reactivated on 20201029 with reason FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 51.68.136.67 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malicious Email Activity 51.68.153.200 24 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=200,FR) 51.68.173.193 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None DE TO-S-2020-0369 Malware Activity 51.68.173.251 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None FR TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 51.68.180.4 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=4,FR) 51.68.202.68 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None GB TO-S-2020-0592 Malware Activity 51.68.225.51 32 RW None 2019-11-07 00:00:00 2021-10-29 00:00:00 None 28744: HTTP: MASSCAN Tool Usage - TT# 20C00889 (IP=51,US) | updated by RR Block was inactive. Reactivated on 20200330 with reason Known Attack Tool User Agent/ HTTP: Masscan Scanner Traffic Detected - TT# 20C02246 (IP=51,FR) | updated by dbc Block was 51.68.226.118 32 RR None 2020-02-29 00:00:00 2021-10-29 00:00:00 None Known Attack Tool User Agent/28744: HTTP: MASSCAN Tool Usage - TT# 20C01880 (IP=118,FR) | updated by dbc Block was inactive. 
Reactivated on 20201029 with reason FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 51.68.230.150 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None FR TO-S-2020-0369 Malicious Email Activity 51.68.35.162 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None FR TO-S-2020-0535 Malware Activity 51.68.35.2 24 EE None 2021-01-21 00:00:00 2021-04-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6 HR Web Attack (IP=2,FR) 51.68.36.205 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=205,FR) 51.68.46.70 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 51.68.70.66 32 KF None 2020-03-30 00:00:00 2021-10-29 00:00:00 None Known Attack Tool User Agent - TT# 20C02250 (IP=66,US) | updated by dbc Block was inactive. Reactivated on 20201029 with reason FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 51.68.77.242 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 51.68.80.29 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=29,FR) 51.68.97.4 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=4,FR) 51.75.122.170 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None FR TO-S-2020-0303 Malicious Email Activity 51.75.135.31 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None TCP: SYN Host Sweep (IP=31,FR) 51.75.144.43 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None DE TO-S-2021-1007 Malware Activity 51.75.146.199 32 nab None 2021-01-21 00:00:00 2021-04-21 00:00:00 None HIVE Case #NA Potential Adware (IP=199,DE) 51.75.146.199 32 nab None 2021-01-21 00:00:00 2021-04-21 00:00:00 None HIVE Case #NA Potential Adware (IP=199,DE) 51.75.146.199 32 nab None 2021-01-21 
00:00:00 2021-04-21 00:00:00 None HIVE Case #NA Potential Adware (IP=199,DE) 51.75.146.200 32 nab None 2021-01-21 00:00:00 2021-04-21 00:00:00 None HIVE Case #NA Potential Adware (IP=200,DE) 51.75.146.200 32 nab None 2021-01-21 00:00:00 2021-04-21 00:00:00 None HIVE Case #NA Potential Adware (IP=200,DE) 51.75.146.200 32 nab None 2021-01-21 00:00:00 2021-04-21 00:00:00 None HIVE Case #NA Potential Adware (IP=200,DE) 51.75.166.226 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 51.75.167.97 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 51.75.175.27 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None GB TO-S-2021-1007 Malware Activity 51.75.194.15 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None FR TO-S-2020-0535 Malware Activity 51.75.208.180 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 51.75.208.180 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 51.75.24.151 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malicious Email Activity 51.75.52.119 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None PL TO-S-2020-0315 Malicious Web Application Activity 51.75.69.187 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=187,DE) 51.75.72.199 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None DE TO-S-2020-0315 Malware Activity 51.75.79.181 32 RW None 2021-03-10 00:00:00 2021-06-08 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00667 (IP=181,DE) 51.75.86.211 32 FT None 2021-01-22 00:00:00 2021-04-22 00:00:00 None Unauthorized Access-Probe - TT: 21C00426 (IP=211,DE) 51.75.90.102 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None FR TO-S-2021-1007 Malicious 
Email Activity 51.77.110.32 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 51.77.110.48 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 51.77.145.150 24 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=150,FR) 51.77.165.200 32 RB None 2021-02-26 00:00:00 2021-05-27 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT# 21C00531 (IP=200,US) 51.77.175.198 24 RR None 2021-09-13 00:00:00 2021-12-12 00:00:00 None SQL injection - Web Attacks (IP=198,FR) 51.77.188.227 24 GM None 2021-02-24 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=227,FR) 51.77.2.7 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity 51.77.205.28 32 wmp None 2020-07-17 00:00:00 2021-09-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=28,FR) | updated by dbc Block expiration extended with reason FR TO-S-2020-0805 Malicious Email Activity 51.77.221.224 24 RW None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt - POST parameter (1:23631:7) - SourceFire (IP=224,FR) 51.77.238.75 32 RW None 2021-02-02 00:00:00 2021-05-02 00:00:00 None Unauthorized Access-Probe/ UDP: Host Sweep - TT# 21C00460 (IP=75,FR) 51.77.52.99 24 DT None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection TT# 21C00976 (IP=99,NL) 51.77.58.242 24 FT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=242,PL) 51.77.61.253 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None PL TO-S-2020-0838 Malicious Email Activity 51.79.101.16 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CA TO-S-2021-1007 Malware Activity 51.79.144.215 32 
dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None SG Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 51.79.155.176 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=176,SG) 51.79.161.132 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=132,SG) 51.79.161.140 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None SG TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 51.79.161.230 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 51.79.164.42 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=42,SG) 51.79.176.221 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=221,SG) 51.79.215.64 24 KD None 2021-06-04 00:00:00 2021-09-03 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=64,CA) 51.79.27.238 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CA TO-S-2021-1007 Malware Activity 51.79.28.249 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CA TO-S-2021-1007 Malware Activity 51.79.29.240 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None CA TO-S-2020-0698 Malicious Email Activity 51.79.29.248 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 51.79.30.167 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 51.79.43.14 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None CA TO-S-2020-0459 Malware Activity 51.79.51.228 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 51.79.62.52 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None GB TO-S-2020-0698 Malware Activity 51.79.69.241 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00588 (IP=241,CA) 51.79.73.217 32 dbc 
None 2020-09-29 00:00:00 2021-09-29 00:00:00 None CA TO-S-2020-0838 Malicious Email Activity 51.79.99.17 24 KD None 2021-06-17 00:00:00 2021-09-16 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - TT 21C01332 (IP=17,CA) 51.81.102.76 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malware Activity 51.81.102.76 32 FT None 2020-10-08 00:00:00 2021-01-06 00:00:00 None TO-S-2020-0866/Pulse Report 175495-20 - TT# 21C00052 (IP=76,US) 51.81.112.190 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 51.81.135.80 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=80,US) 51.81.152.39 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 51.81.17.209 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malware Activity 51.81.29.194 32 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SQL injection - 6hr Web Attacks (IP=194,US) 51.81.73.208 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=208,US) 51.81.84.37 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=37,US) 51.81.86.186 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=186,US) 51.81.96.4 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity 51.83.12.214 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None FR TO-S-2020-0236 Malicious Email Activity 51.83.200.184 24 CR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None Masscan TCP Port Scanner - IPS Events (IP=184,FR 51.83.209.11 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None FR TO-S-2020-0805 Malicious Web Application Activity 51.83.234.50 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR 
TO-S-2020-0331 Malicious Web Application Activity 51.83.234.53 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity 51.83.254.202 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 51.83.41.254 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity 51.83.66.220 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 51.89.125.18 16 CJC None 2020-12-13 00:00:00 2021-12-13 00:00:00 None Hive Case # 4481 - FireEye Blog IP related to SunBurst Backdoor (IP=18,DE) 51.89.153.79 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 51.89.156.7 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None GB TO-S-2020-0750 Malicious Email Activity 51.89.156.9 32 wmp None 2020-06-19 00:00:00 2021-09-01 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=9,GB) | updated by wmp Block expiration extended with reason HIVE Case #3212 CTO-20-182 (IP=9,GB) | updated by dbc Block expiration extended with reason FR HIVE Case #3744 TO-S-2020-0772 Malicious Activity 51.89.157.100 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity 51.89.171.239 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None FR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 51.89.188.34 32 RW None 2019-09-03 00:00:00 2021-02-20 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 19C03122 (IP=3,US) | updated by dbc Block was inactive. 
Reactivated on 20200220 with reason US TO-S-2020-0303 Malicious Web Application Activity 51.89.203.215 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malware Activity 51.89.208.88 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 51.89.254.25 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 51.89.6.79 32 DT None 2020-11-07 00:00:00 2021-02-07 00:00:00 None Unauthorized Access-Probe / UDP: Host 51.89.99.120 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 51.91.120.249 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None FR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 51.91.123.145 24 FT None 2021-04-08 00:00:00 2021-07-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=145,FR) 51.91.188.128 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malware Activity 51.91.19.92 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity 51.91.38.190 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 51.91.68.154 24 BMP None 2021-03-08 00:00:00 2021-06-08 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - 6hr Web Attacks (IP=154,FR) 51.91.76.190 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=190,FR) 51.91.77.138 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=128,FR) 51.91.94.80 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity 52.109.8.24 32 WR None 2021-07-21 00:00:00 2021-10-19 00:00:00 None ABOT: MadnessPro Traffic Detected - 
TT# 21C01469 (IP=24,US) 52.115.248.9 32 EE None 2021-04-07 00:00:00 2021-07-06 00:00:00 None malicious activity against the best interest of the Army - TT# 21C00983 (IP=9,US) 52.12.45.88 32 ZH None 2021-07-04 00:00:00 2021-10-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=88,US) 52.129.92.13 32 NAB None 2021-01-07 00:00:00 2021-04-07 00:00:00 None HIVE Case #NA FP Security (IP=13,US) 52.137.44.93 24 BMP None 2021-05-26 00:00:00 2021-08-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=93,NL) 52.137.44.93 24 BMP None 2021-05-26 00:00:00 2021-08-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=93,NL) 52.138.36.40 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=40,CA) 52.140.100.150 24 DT None 2021-04-13 00:00:00 2021-07-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=150,IN) 52.141.63.69 24 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=69,KR) 52.146.34.52 32 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None AVSuiteWebshell.Binary.php.FEC2 - Hive Case 5434 (IP=52,US) 52.146.34.52 32 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None AVSuiteWebshell.Binary.php.FEC2 - Hive Case 5434 (IP=52,US) 52.147.166.246 32 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt - Web Attacks (IP=246,US) 52.147.203.195 32 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None WordPress Contact Form 7 CVE-2020-35489 File Upload Vulnerability - Sourcefire (IP=195,US) 52.15.65.1 32 CR None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Hive Case 4497 IOC Hit Found (Hive_4494-WebNavigatorBrowser IOCs-Malicious Software-20201207), 
10.0.0.13, ENAPW2SD04NB081 (IP=1,US) 52.152.175.199 32 GM None 2020-11-21 00:00:00 2021-02-21 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=199,US) 52.154.71.190 32 DT None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=190,US) 52.154.71.190 32 DT None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=190,US) 52.156.79.32 32 RB None 2021-05-02 00:00:00 2021-08-02 00:00:00 None Self Report/ColdFusion Error - TT# 21C01117 (IP=32,US) 52.158.235.51 32 BMP None 2021-03-08 00:00:00 2021-06-08 00:00:00 None SERVER-APACHE Apache Struts freemarker tag OGNL expression injection attempt - SourceFire (IP=51,US) 52.16.132.206 24 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=206,IR) 52.162.107.8 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=8, US) 52.165.179.110 32 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=110,US) 52.165.188.111 32 CR None 2021-06-24 00:00:00 2021-09-22 00:00:00 None Command Injection_ABC report (IP=111,US) 52.168.138.156 32 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - 6hr Web Attacks (IP=156,US) 52.170.156.87 32 ABC None 2021-09-03 00:00:00 2021-12-02 00:00:00 None Command Injection (IP=87,US) 52.170.41.88 32 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=88,US) 52.170.41.88 32 PS None 2021-06-03 00:00:00 2021-09-01 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=88,US) 52.170.61.209 32 WR None 2021-07-12 00:00:00 2021-10-10 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01427 (IP=209,US) 52.171.36.217 32 BB None 2021-07-25 00:00:00 2021-10-23 00:00:00 None ABC Command 
Injection - ABC Report (IP=217,US) 52.171.54.164 32 BB None 2021-08-12 00:00:00 2021-11-10 00:00:00 None Command Injection - ABC (IP=164,US) 52.172.146.142 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=142,IN) 52.172.146.142 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=142,IN) 52.172.159.49 24 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: SQL Injection Attempt Detected - 6hr web attacks (IP=49,IN) 52.172.192.244 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=244,IN) 52.172.193.132 24 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - Sourcefire (IP=132,IN) 52.172.43.67 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=67,IN) 52.173.188.212 32 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL injection - 6hr Web Attacks (IP=212,US) 52.173.84.110 32 RR None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SQL injection - Web Attacks (IP=110,US) 52.173.91.39 32 KH None 2021-08-16 00:00:00 2021-11-14 00:00:00 None Command Injection - ABC Report (IP=39,US) 52.173.91.39 32 DT None 2021-08-16 00:00:00 2021-11-14 00:00:00 None Possible Cross-site Scripting Attack - IPS Events (IP=39,US) 52.173.91.77 32 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP YouPHPTube getSpiritsFromVideo.php command injection attempt (1:51926:4) - Sourcefire Rpt (IP=77,US) 52.174.192.252 32 RB None 2020-01-04 00:00:00 2021-01-12 00:00:00 None HTTP: Joomla HTTP Header Unauthenticated Remote Code Execution - TT# 20C01338 (IP=252,US) | updated by DT Block was inactive. 
Reactivated on 20201014 with reason HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00119 52.175.237.137 32 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Sourcefire (IP=137,US) 52.176.1.72 32 KH None 2021-09-23 00:00:00 2021-12-22 00:00:00 None File /etc/passwd Access Attempt Detect - FE IPS (IP=72,US) 52.176.107.153 32 BB None 2021-07-26 00:00:00 2021-10-24 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt (B-type) (1:1000135:3) - SourceFire (IP=153,US) 52.176.2.236 32 ZH None 2021-07-17 00:00:00 2021-10-15 00:00:00 None HTTP: SQL Injection - Exploit - Web Attacks (IP=236,US) 52.176.46.186 32 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=186,US) 52.177.173.161 32 BMP None 2020-10-30 00:00:00 2021-01-30 00:00:00 None HTTP SQL Injection Attempt - 6hr Web Atacks (IP=161,US) 52.178.203.186 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=186,IE) 52.178.44.6 24 RW None 2021-04-29 00:00:00 2021-08-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web attacks (IP=6,NL) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=6,NL) SERVER-WEBAPP PHPUnit PHP remote code execution atte 52.178.44.6 24 RR None 2021-05-28 00:00:00 2021-08-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web attacks (IP=6,NL) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=6,NL) SERVER-WEBAPP PHPUnit PHP remote code execution atte 52.183.126.219 32 BMP None 2021-02-08 00:00:00 2021-05-09 00:00:00 None SERVER-OTHER Mikrotik RouterOS directory traversal attempt (3:47684:1) - SourceFire (IP=219,US) 52.183.204.8 32 BMP None 
2021-06-04 00:00:00 2021-09-02 00:00:00 None HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=8,US) 52.186.124.151 32 KD None 2021-08-04 00:00:00 2021-11-02 00:00:00 None Attempted Access - Inbound Brute Force- TT# 21C01517 (IP=151,US) 52.186.149.169 32 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=169,US) 52.188.0.112 32 DT None 2020-10-28 00:00:00 2021-01-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=112,US) 52.188.152.113 32 DT None 2020-10-28 00:00:00 2021-01-26 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - SourceFire (IP=113,US) 52.192.73.251 32 wmp None 2021-06-22 00:00:00 2021-09-22 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=251,JP) 52.196.103.75 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=75,JP) 52.199.41.160 24 RW None 2021-07-23 00:00:00 2021-10-21 00:00:00 None SQL injection - Web Attacks (IP=160,BR) 52.2.89.41 32 RW None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=41,US) 52.202.61.137 32 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=137,US) 52.202.61.137 32 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=137,US) 52.203.177.206 32 BMP None 2021-04-11 00:00:00 2021-07-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=206,US) 52.203.244.208 32 DT None 2021-02-21 00:00:00 2021-05-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=208,US) 52.204.6.20 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None 
SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SoureFire (IP=20,US) 52.205.27.188 32 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=188,US) 52.205.78.35 32 BMP None 2021-02-23 00:00:00 2021-05-24 00:00:00 None Multiple Events - FireEye IPS (IP=35,US) 52.207.209.139 32 ZH None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=139,US) 52.207.213.0 32 RW None 2021-09-30 00:00:00 2021-12-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=0,US) 52.207.9.161 32 ZH None 2021-07-15 00:00:00 2021-10-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=161,US) 52.209.88.214 32 NAB None 2021-05-06 00:00:00 2021-11-06 00:00:00 None HIVE Case #5404 TO-S-21-1270 COLS-NA-TIP-21-0144 (IP=214,IE) 52.211.241.98 24 ZH None 2021-09-08 00:00:00 2021-12-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire Rpt (IP=98,IE) 52.213.59.237 24 RR None 2021-03-02 00:00:00 2021-05-31 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=237,IE) 52.214.194.253 24 BB None 2021-05-26 00:00:00 2021-08-24 00:00:00 None Unauthorized Access-Probe - TT# 52.214.194.253 24 BB None 2021-05-26 00:00:00 2021-08-24 00:00:00 None Unauthorized Access-Probe - TT# 21C01216 (IP=253,IR) 52.214.65.91 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=91,IE) 52.217.201.9 32 BMP None 2021-04-28 00:00:00 2021-07-27 00:00:00 None INDICATOR-OBFUSCATION obfuscated javascript excessive fromCharCode - potential attack - TT# 21C01096 (IP=9,US) 52.217.201.9 32 BMP None 2021-04-28 00:00:00 2021-07-27 
00:00:00 None INDICATOR-OBFUSCATION obfuscated javascript excessive fromCharCode - potential attack - TT# 21C01096 (IP=9,US) 52.217.67.67 32 UA None 2021-06-10 00:00:00 2021-09-08 00:00:00 None INDICATOR-OBFUSCATION javascript with hex variable names - TT# 21C01284 (IP=67,US) 52.220.151.42 24 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=42,SG) 52.221.153.240 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=240,SG) 52.221.224.243 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=243,SG) 52.221.6.170 24 BMP None 2021-01-04 00:00:00 2021-04-04 00:00:00 None Email Phishing - CMS Report (IP=238,SG) 52.221.67.25 24 BMP None 2020-10-19 00:00:00 2021-01-17 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=25,SG) 52.222.11.128 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None APP-DETECT SSH server detected on non-standard port (IP=128,US) 52.222.11.128 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None APP-DETECT SSH server detected on non-standard port - Source Fire (IP=128,US) 52.222.28.59 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5632 CTO-21-142 (IP=59,US) 52.222.40.128 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None APP-DETECT SSH server detected on non-standard port - Sourcefire (IP=128,US) 52.222.68.232 32 ZH None 2021-07-15 00:00:00 2021-10-13 00:00:00 None APP-DETECT SSH server detected on non-standard port (1:13586:5) - Sourcefire Rpt (IP=232,US) 52.224.11.21 32 DT None 2021-04-01 00:00:00 2021-07-01 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# 21C00912 (IP=21,US) 52.227.65.129 32 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell 
Vulnerability - 6hr Web Attacks (IP=129,US) 52.228.26.217 32 RW None 2021-09-21 00:00:00 2021-12-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01907 (IP=217,US) 52.229.115.84 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=84, US) 52.23.181.200 32 NAB None 2021-05-07 00:00:00 2021-11-07 00:00:00 None HIVE Case #5407 TO-S-21-1268 Sharkseer-TIP-21-3117 (IP=200,US) 52.23.228.38 32 AR None 2021-06-04 00:00:00 2021-09-02 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 HR Web Attacks (IP=38,US) 52.23.242.247 32 ZH None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=247,US) 52.23.251.218 32 DT None 2021-03-08 00:00:00 2021-06-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=218,US) 52.232.120.184 24 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=184,GB) 52.232.120.184 24 BMP None 2021-06-01 00:00:00 2021-08-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=184,GB) 52.237.90.228 24 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None SQL injection - Web Attacks (IP=228,SG) 52.237.90.228 24 CR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None SQL injection - Web Attacks (IP=228,SG) 52.238.104.132 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=132,US) 52.243.62.67 24 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=67,JP) 52.247.106.218 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=218,US) 52.247.192.191 32 GM None 2020-12-17 00:00:00 2021-03-17 00:00:00 None Self report / Cold-Fusion error - 
TT # 21C00306 (IP=191,US) 52.247.238.157 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=157,US) 52.254.1.127 32 BMP None 2021-03-08 00:00:00 2021-06-08 00:00:00 None SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt - SourceFire (IP=127,US) 52.255.167.163 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt (1:31978:5) - SourceFire (IP=163,US) 52.4.143.42 32 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SQL injection - 6hr Web Attacks (IP=42,US) 52.4.222.162 32 BMP None 2021-03-10 00:00:00 2021-09-14 00:00:00 None HTTP: Adobe ColdFusion Directory Traversal Information Disclosure Vulnerability - 6hr Failed Logons (IP=162,US) | updated by BMP Block was inactive. Reactivated on 20210616 with reason Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks 52.4.222.162 32 BMP None 2021-06-16 00:00:00 2021-09-14 00:00:00 None HTTP: Adobe ColdFusion Directory Traversal Information Disclosure Vulnerability - 6hr Failed Logons (IP=162,US) | updated by BMP Block was inactive. 
Reactivated on 20210616 with reason Adobe ColdFusion Administrator Access Restriction - 6hr Web Attacks 52.52.33.135 32 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=135,US) 52.54.210.57 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=57,US) 52.55.149.236 32 SW None 2021-05-25 00:00:00 2021-08-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite 52.59.250.175 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=175,DE) 52.60.34.56 24 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SQL injection - 6hr Web Attacks (IP=56,CA) 52.61.146.132 32 DT None 2021-08-12 00:00:00 2021-11-10 00:00:00 None APP-DETECT SSH server detected on non-standard port (1:13586:5) - Source Fire (IP=132,US) 52.61.161.138 32 ZH None 2021-07-15 00:00:00 2021-10-13 00:00:00 None APP-DETECT SSH server detected on non-standard port (1:13586:5) - Sourcefire Rpt (IP=138,US) 52.61.171.175 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None APP-DETECT SSH server detected on non-standard port - Sourcefire (IP=175,US) 52.61.192.47 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None APP-DETECT SSH server detected on non-standard port (IP=47,US) 52.61.192.47 32 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None APP-DETECT SSH server detected on non-standard port - Source Fire (IP=47,US) 52.61.31.180 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5632 CTO-21-142 (IP=180,US) 52.61.8.15 32 CR None 2021-05-06 00:00:00 2021-08-06 00:00:00 None APP-DETECT SSH server detected on non-standard port - Sourcefire (IP=15,US) 52.64.209.168 24 BB None 2021-07-07 00:00:00 2021-10-05 00:00:00 None SQL injection - Web Attacks (IP=168,AU) 52.64.251.138 24 RW None 2021-07-17 00:00:00 2021-10-15 
00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=138,AU) 52.65.15.196 24 DT None 2021-04-23 00:00:00 2021-07-23 00:00:00 None FTP Login Failed - 6 hr failed logons (IP=196,AU) 52.65.229.65 24 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=65,AU) 52.66.113.187 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=187,IN) 52.66.178.222 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=222,IN) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=222,IN) 52.66.184.254 24 RR None 2021-03-11 00:00:00 2021-06-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=254,IN) 52.66.31.124 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=124,IN) 52.66.83.168 24 BMP None 2021-06-15 00:00:00 2021-09-13 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=168,IN) 52.7.141.1 32 BMP None 2021-03-30 00:00:00 2021-08-12 00:00:00 None SQL injection - 6hr Web Attacks (IP=1,US) | updated by BMP Block expiration extended with reason SQL injection - 6hr Web Attacks (IP=1,US) SQL injection - 6hr Web Attacks (IP=1,US) 52.7.141.1 32 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SQL injection - 6hr Web Attacks (IP=1,US) | updated by BMP Block expiration extended with reason SQL injection - 6hr Web Attacks (IP=1,US) SQL injection - 6hr Web Attacks (IP=1,US) 52.70.1.206 32 BMP None 2021-04-30 00:00:00 2021-07-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=206,US) 52.70.43.24 32 BMP None 2021-08-08 00:00:00 2021-11-06 00:00:00 None SERVER-OTHER limited RSA 
ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=24,US) 52.70.64.61 32 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=61,US) 52.71.255.148 32 BMP None 2021-02-08 00:00:00 2021-05-09 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=148,US) 52.73.44.1 32 DT None 2021-09-03 00:00:00 2021-12-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Source Fire (IP=1,US) 52.76.230.15 24 GM None 2021-04-03 00:00:00 2021-07-03 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=152,SG) 52.78.59.141 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=141,KR) 52.79.168.27 24 CR None 2021-05-05 00:00:00 2021-08-05 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - FirePower report (IP=27,KR) 52.8.148.112 32 RB None 2020-11-11 00:00:00 2021-02-09 00:00:00 None HTTP: Apache Struts OGNL Code Execution - TT# 21C00225 (IP=112,US) 52.80.186.233 24 RR None 2021-05-05 00:00:00 2021-08-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=233,CN) 52.82.75.145 24 DT None 2021-08-12 00:00:00 2021-11-10 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Source Fire (IP=145,CN) 52.83.55.127 24 RR None 2021-06-19 00:00:00 2021-09-17 00:00:00 None SSH User Authentication Brute Force Attempt - Failed Logons (IP=127,CN) 52.86.119.179 32 AR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=179,US) 52.87.135.207 32 BMP None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SERVER-OTHER 
limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=207,US) 52.87.182.97 32 BMP None 2021-04-10 00:00:00 2021-07-09 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=97,US) 52.87.210.57 32 DT None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Source Fire (IP=57,US) 52.87.226.173 32 BMP None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=173,US) 52.87.226.235 32 BMP None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire (IP=235,US) 52.87.99.15 32 GM None 2021-02-21 00:00:00 2021-05-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=15,US) 52.90.147.33 32 BMP None 2021-06-16 00:00:00 2021-09-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=33,US) 52.90.16.206 32 KH None 2021-08-31 00:00:00 2021-11-29 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=206,US) 52.90.162.255 32 BMP None 2021-09-09 00:00:00 2021-12-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=255, US) 52.90.175.116 32 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=116,US) 52.90.175.116 32 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=116,US) 52.90.183.27 32 BMP None 2020-10-16 00:00:00 
2021-01-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=27,US) 52.90.211.63 32 SW None 2021-10-01 00:00:00 2021-12-30 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - WebAttacks (IP=63, US) 52.90.216.198 32 BMP None 2021-06-04 00:00:00 2021-09-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=198,US) 52.90.245.132 32 BMP None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=132,US) 52.90.49.3 32 KH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire (IP=3,US) 52.90.73.192 32 ZH None 2021-07-03 00:00:00 2021-10-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=192,US) 52.90.80.62 32 AR None 2021-05-21 00:00:00 2021-08-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) -SourceFire Report (IP=62,US) 52.91.110.46 32 DT None 2020-10-05 00:00:00 2021-01-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=46,US) 52.91.163.145 32 BMP None 2020-12-06 00:00:00 2021-03-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=145,US) 52.91.193.210 32 ZH None 2021-06-28 00:00:00 2021-09-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=210,US) 52.91.222.231 32 DT None 2021-02-21 00:00:00 2021-05-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt 
- SourceFire (IP=231,US) 52.91.238.179 32 BMP None 2020-12-04 00:00:00 2021-03-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=179,US) 52.91.27.131 32 GM None 2021-02-21 00:00:00 2021-05-22 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=131,US) 52.91.3.93 32 DT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Source Fire (IP=93,US) 52.91.39.221 32 RW None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=221,US) 54.144.106.219 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 54.144.23.3 32 BMP None 2021-06-04 00:00:00 2021-09-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=3,US) 54.144.78.91 32 BMP None 2021-09-09 00:00:00 2021-12-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=91, US) 54.145.165.147 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SoureFire (IP=147,US) 54.145.179.191 32 ZH None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Rpt (IP=191,US) 54.145.37.188 32 BMP None 2021-08-07 00:00:00 2021-11-05 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=188,US) 54.147.19.175 32 CR None 2021-05-04 00:00:00 2021-08-04 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher 
SSL attack attempt_Sourcefire (IP=175,US) 54.148.211.0 32 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=0,US) 54.148.211.0 32 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=0,US) 54.151.129.207 24 DT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=207,SG) 54.151.184.195 24 EE None 2021-04-04 00:00:00 2021-07-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attack (IP=195,SG) 54.152.171.254 32 ZH None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=254,US) 54.152.212.17 32 RW None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=17,US) 54.152.212.17 32 RW None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=17,US) 54.152.242.185 32 BMP None 2020-11-24 00:00:00 2021-02-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=185,US) 54.156.134.207 32 RW None 2021-07-23 00:00:00 2021-10-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=207,US) 54.157.235.218 32 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=218,US) 54.157.26.122 32 RW None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt 
(1:45200:2) - Sourcefire (IP=122,US) 54.157.26.122 32 RW None 2021-09-27 00:00:00 2021-12-26 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=122,US) 54.158.10.35 32 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=35,US) 54.158.205.113 32 KD None 2021-05-28 00:00:00 2021-08-27 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=113,US) 54.158.34.179 32 BMP None 2021-02-23 00:00:00 2021-05-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=179,US) 54.158.89.194 32 ZH None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=194,US) 54.159.15.137 32 BMP None 2020-10-12 00:00:00 2021-01-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=137,US) 54.159.8.89 32 ZH None 2021-07-22 00:00:00 2021-10-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Rpt (IP=89,US) 54.159.85.245 32 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=245,US) 54.160.195.147 32 BMP None 2021-04-10 00:00:00 2021-07-09 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=147,US) 54.161.181.72 32 ZH None 2021-08-26 00:00:00 2021-11-24 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire (IP=72,US) 54.161.192.58 32 ZH None 2021-06-27 
RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=105,US) 54.87.24.138 32 PS None 2021-05-19 00:00:00 2021-08-17 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2)-Sourcefire Report (IP=138,US) 54.87.241.192 32 KH None 2021-08-31 00:00:00 2021-11-29 00:00:00 None Masscan TCP Port Scanner - FE IPS (IP=192,US) 54.88.144.24 32 ZH None 2021-06-12 00:00:00 2021-09-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Rpt (IP=24,US) 54.88.144.24 32 ZH None 2021-06-12 00:00:00 2021-09-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire Rpt (IP=24,US) 54.88.202.231 32 BMP None 2021-02-02 00:00:00 2021-05-02 00:00:00 None SQL injection - 6hr Web Attacks (IP=231,US) 54.88.236.4 32 SW None 2021-05-20 00:00:00 2021-08-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt SourceFire (IP=64,US) 54.88.250.70 32 AR None 2021-07-18 00:00:00 2021-10-16 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=70,US) 54.88.41.44 32 BMP None 2021-08-08 00:00:00 2021-11-06 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=44,US) 54.88.54.52 32 BMP None 2021-09-09 00:00:00 2021-12-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=52, US) 54.88.7.42 32 ZH None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Rpt (IP=42,US) 54.89.174.179 32 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher 
SSL attack attempt - Sourcefire (IP=179,US) 54.89.176.126 32 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=126,US) 54.89.197.38 32 BMP None 2021-07-03 00:00:00 2021-10-01 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - SourceFire (IP=38,US) 54.89.250.37 32 ZH None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire Report (IP=37,US) 54.89.64.56 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SoureFire (IP=56,US) 54.90.143.36 32 BMP None 2021-03-08 00:00:00 2021-06-08 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - SourceFire (IP=36,US) 54.90.178.113 32 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=113,US) 54.90.181.99 24 BMP None 2021-06-15 00:00:00 2021-09-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=99,MA) 54.90.238.161 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SoureFire (IP=161,US) 54.90.54.89 32 BMP None 2021-09-15 00:00:00 2021-12-14 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=89,US) 54.91.254.213 32 DT None 2021-08-12 00:00:00 2021-11-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Source Fire (IP=213,US) 54.91.74.170 32 AR None 2021-06-04 00:00:00 
2021-09-02 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire Report (IP=170,US) 54.91.76.69 32 RW None 2021-07-23 00:00:00 2021-10-21 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Sourcefire (IP=69,US) 54.91.86.131 32 DT None 2021-07-12 00:00:00 2021-10-10 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45199:2) - Source Fire (IP=131,US) 54.92.169.132 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SoureFire (IP=132,US) 54.92.194.76 32 BMP None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SoureFire (IP=76,US) 54.95.139.58 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=58,JP) 5435926218.elmatea.net --- TLM None 2021-06-15 00:00:00 2021-09-13 00:00:00 2023-01-19 22:57:28 HIVE Case #5605 TO-S-2021-1338 58.136.97.178 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TH TO-S-2020-0303 Malicious Email Activity 58.142.130.101 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 58.146.208.135 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 58.152.108.228 24 EE None 2021-02-07 00:00:00 2021-05-07 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt (1:29831:3) - SourceFire (IP=228,HK) 58.152.233.145 24 BMP None 2020-12-15 00:00:00 2021-03-15 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=145,KG) 58.16.34.3 24 RR None 2020-11-03 00:00:00 2021-02-01 
00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attcks (IP=3,CN) 58.171.153.81 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AU TO-S-2021-0876 Hive Case 4166 Malware Activity 58.178.92.208 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AU TO-S-2020-0298 Malicious Email Activity 58.180.5.170 24 FT None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=170,KR) 58.181.19.220 24 RR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=220,KR) 58.185.118.21 24 DT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=21,SG) 58.186.128.0 20 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None VN TO-S-2021-0989 Hive Case # 4493 Malicious Web Application Activity 58.186.134.212 24 RR None 2021-05-18 00:00:00 2021-08-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=212,VN) 58.186.149.5 24 RW None 2021-04-29 00:00:00 2021-07-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web attacks (IP=5,VN) 58.186.237.158 24 AR None 2021-09-03 00:00:00 2021-12-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6Hr Failed Logons (IP=158,VN) 58.186.51.215 24 BMP None 2021-06-15 00:00:00 2021-09-13 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=215,VN) 58.186.96.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None VN Hive Case 4237 TO-S-2021-0910 Malware Activity 58.187.172.64 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None VN TO-S-2020-0298 Malicious Email Activity 58.187.174.97 24 AR None 2021-08-29 00:00:00 2021-11-27 00:00:00 None HTTP: PHP File Inclusion Vulnerability – 6hr Web Attack (IP=97,VN) 58.187.56.198 32 wmp None 2021-04-29 00:00:00 2021-07-29 00:00:00 None Palo Alto Suspicious Scan Activity (IP=198,VN) 58.187.96.0 20 dbc None 2020-10-29 
00:00:00 2021-10-29 00:00:00 None VN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 58.19.198.121 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=121,CN) 58.19.249.50 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=50,CN) 58.210.235.10 24 RR None 2020-12-13 00:00:00 2021-03-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=10,CN) 58.212.255.58 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=58,CN) 58.213.128.118 24 SW None 2021-07-22 00:00:00 2021-10-20 00:00:00 None SERVER-WEBAPP Laravel Framework PendingCommand arbitrary command execution attempt (1:54602:1) - SourceFire (IP=118, CN) 58.213.128.118 24 SW None 2021-07-22 00:00:00 2021-10-20 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - WebAttacks (IP=118, CN) 58.213.128.118 24 KH None 2021-07-22 00:00:00 2021-10-20 00:00:00 None Apache Struts Jakarta Multipart Parser Remote Code Execution - FE IPS (IP=118,CN) 58.214.111.27 24 AR None 2021-09-11 00:00:00 2021-12-10 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6Hr Failed Logons (IP=27,CN) 58.214.34.58 24 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=58,CN) 58.219.156.197 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=197,CN) 58.219.156.197 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=197,CN) 58.219.210.71 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=71,CN) 58.221.134.98 24 RT None 2021-09-25 00:00:00 2021-12-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01955 (IP=98,CN) 58.223.177.232 32 DT None 2021-04-17 00:00:00 2021-07-14 00:00:00 None 
SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=232,CN) 58.223.177.232 32 DT None 2021-04-17 00:00:00 2021-07-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=232,CN) 58.223.177.232 32 DT None 2021-04-14 00:00:00 2021-07-14 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=232,CN) 58.225.132.20 24 CR None 2021-04-29 00:00:00 2021-07-29 00:00:00 None SSH User Authentication Brute Force Attempt _Failed Logon Report (IP=20,KR) 58.231.158.79 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KR TO-S-2020-0303 Malicious Email Activity 58.240.147.97 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=97,CN) 58.240.54.109 24 BMP None 2021-04-10 00:00:00 2021-07-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=109,CN) 58.242.147.229 24 RW None 2021-02-09 00:00:00 2021-05-09 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=229,CN) 58.244.159.10 24 GM None 2021-01-12 00:00:00 2021-04-12 00:00:00 None Hello Peppa Scan - FireEye CMS (IP=10,CN) 58.246.174.66 24 RR HTTP: None 2021-04-23 00:00:00 2021-07-23 00:00:00 None ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=66,CN) 58.246.191.190 24 FT None 2021-04-06 00:00:00 2021-07-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=190,CN) 58.246.77.102 24 BMP None 2021-04-10 00:00:00 2021-07-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=102,CN) | updated by RW Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=102,CN) 58.247.125.200 24 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=200,CN) 58.247.51.194 24 RR None 2021-08-30 00:00:00 2021-11-28 00:00:00 None 
SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=194,CN) 58.248.140.81 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=81,CN) 58.248.149.60 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt - 58.248.150.211 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=211,CN) 58.248.175.230 24 RR None 2020-10-20 00:00:00 2021-01-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=230,CN) 58.248.193.165 24 WR None 2021-05-19 00:00:00 2021-08-17 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - 6hr web attacks (IP=165,CN) 58.248.193.166 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=166,CN) 58.248.193.96 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=96,CN) 58.248.76.18 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks(IP=18, CN) 58.248.82.144 24 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=144,CN) 58.249.13.44 24 GM None 2021-01-26 00:00:00 2021-04-26 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=44,CN) 58.249.15.105 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=105,CN) 58.249.73.66 32 wmp None 2021-05-04 00:00:00 2021-08-04 00:00:00 None Palo Alto Suspicious Scan Activity (IP=66,CN) 58.249.74.62 32 wmp None 2021-05-04 00:00:00 2021-08-04 00:00:00 None Palo Alto Suspicious Scan Activity (IP=62,CN) 58.249.75.167 32 srm None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Firepower Suspicious Scan Activity (IP=167,CN) 58.249.75.57 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan 
Activity (IP=57,CN) 58.249.76.229 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan Activity (IP=229,CN) 58.249.77.29 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=29,CN) 58.249.81.214 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=214,CN) 58.249.87.122 24 BB None 2021-09-10 00:00:00 2021-12-09 00:00:00 None Malicious.LIVE.DTI.URL - CMS (IP=122,CN) 58.249.87.39 32 wmp None 2021-05-11 00:00:00 2021-08-11 00:00:00 None Palo Alto Suspicious Scan Activity (IP=39,CN) 58.249.87.65 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=65,CN) 58.249.89.59 32 wmp None 2021-04-23 00:00:00 2021-07-23 00:00:00 None Palo Alto Suspicious Scan Activity (IP=59,CN) 58.249.91.118 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=118,CN) 58.249.91.164 24 KH None 2021-07-08 00:00:00 2021-10-06 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=164,CN) 58.250.161.97 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=97,CN) 58.250.20.15 32 BB None 2021-09-18 00:00:00 2021-12-17 00:00:00 None Attempted Access - Inbound Brute Force - TT#21C01886 (IP=15, US) 58.252.178.229 32 srm None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Firepower Suspicious Scan Activity (IP=229,CN) 58.252.197.119 32 wmp None 2021-04-20 00:00:00 2021-07-20 00:00:00 None Palo Alto Suspicious Scan Activity (IP=119,CN) 58.252.205.84 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt - 58.253.12.43 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=43,CN) 58.253.151.249 24 UA None 2021-09-29 00:00:00 2021-12-28 00:00:00 None SQL injection - 6hr web attacks (IP=249,CN) 58.253.8.23 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None 
Firepower Suspicious Scan Activity (IP=23,CN) 58.255.141.171 32 srm None 2021-05-04 00:00:00 2021-08-02 00:00:00 None Firepower Suspicious Scan Activity (IP=171,CN) 58.255.143.198 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=198,CN) 58.255.15.75 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=75,CN) 58.27.232.0 21 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PK Hive Case 4237 TO-S-2021-0910 Malware Activity 58.27.64.181 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None MY TO-S-2020-0698 unknown activity 58.34.1.22 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=22,CN) 58.44.247.87 24 SW None 2021-06-01 00:00:00 2021-08-30 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt - Web Attacks(IP=87,CN) 58.46.169.194 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=194,CN) 58.47.177.161 24 EE None 2021-02-13 00:00:00 2021-05-13 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 HR Web Attack (IP=161,CN) 58.56.140.242 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=242,CN) 58.56.85.242 24 RB None 2021-05-08 00:00:00 2021-08-06 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr web attacks (IP=242,CN) 58.57.183.170 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=170,CN) 58.65.153.246 24 BMP None 2020-10-16 00:00:00 2021-01-14 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=246,PK) 58.65.194.85 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=85,PK) 58.69.105.55 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PH Hive Case 4237 TO-S-2021-0910 Malware Activity 58.69.174.237 32 NAB None 2021-04-30 
00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=237,PH) 58.70.123.88 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None JP TO-S-2020-0331 Malicious Web Application Activity 58.71.17.2 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=2,PH) 58.8.157.175 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TH TO-S-2020-0298 Malicious Email Activity 58.8.157.240 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 58.84.43.239 24 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=239,MY) 58.87.100.65 24 BMP None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=65,CN) 58.87.90.106 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=106,IN) 58.87.96.38 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=38,CN) 58.97.201.45 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=45,KH) 58.97.206.33 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=33,BD) 58.97.208.111 24 EE None 2021-02-12 00:00:00 2021-05-12 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - 6 HR Web Attack (IP=111,KH) 59.103.105.133 24 BMP None 2021-04-10 00:00:00 2021-07-09 00:00:00 None FTP Login Failed (1:46898:1) - 6hr Failed Logons (IP=133,PK) 59.103.109.152 24 DT None 2021-01-24 00:00:00 2021-04-24 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=152,PK) 59.103.180.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,PK) 59.106.211.26 24 EE None 2021-03-22 00:00:00 2021-06-20 00:00:00 None HTTP: PHPUnit Remote 
Code Execution Vulnerability (CVE-2017-9841) - Web Attack(IP=26,JP) 59.110.136.215 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=215,CN) 59.110.141.107 24 DT None 2021-09-01 00:00:00 2021-11-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=107,CN) 59.110.170.61 24 SW None 2021-09-02 00:00:00 2021-12-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - WebAttacks (IP=61,CN) 59.110.218.10 24 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=10,CN) 59.110.225.225 24 BMP None 2021-04-10 00:00:00 2021-10-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=225,CN) | updated by ZH Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=225,CN) 59.110.230.30 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=30,CN) 59.110.25.52 24 BMP None 2021-03-25 00:00:00 2021-06-25 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=52,CN) 59.110.51.39 24 RR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=39,CN) 59.115.124.125 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 59.115.99.8 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 59.12.209.209 24 GM None 2021-01-30 00:00:00 2021-04-30 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=209,KR) 59.12.222.76 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=76,KR) 59.120.9.45 24 BMP None 2021-07-27 00:00:00 2021-10-25 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=45,TW) 59.125.180.56 24 RW None 2021-03-31 00:00:00 2021-06-30 00:00:00 None 
HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=56,TW) 59.125.204.199 24 WR None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=199,TW) 59.127.238.44 32 GM None 2020-10-05 00:00:00 2021-01-05 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00024 (IP=44,TW) 59.128.66.213 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=213,JP) 59.138.56.73 24 BMP None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - 6hr web attacks (IP=73,JP) 59.144.160.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 59.144.174.42 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Email Activity 59.151.249.43 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None KR TO-S-2021-1007 Malicious Email Activity 59.152.245.126 24 RR None 2020-11-07 00:00:00 2021-02-05 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=126,HK) 59.152.60.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BD TO-S-2020-0303 Malicious Email Activity 59.152.96.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,BD) 59.160.204.56 24 RR None 2020-11-03 00:00:00 2021-02-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attcks (IP=56,IN) 59.164.64.0 22 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 59.17.198.78 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None KR TO-S-2020-0805 Malicious activity 59.173.241.186 24 RR None 2021-03-08 00:00:00 2021-06-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=186,CN) 59.175.44.87 24 GM None 2020-12-08 00:00:00 2021-03-08 
00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=87,TH) 59.175.63.177 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=177,CN) 59.177.38.126 24 GM None 2020-10-25 00:00:00 2021-01-25 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=126,IN) 59.18.142.58 24 WR None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6hr Web Attacks (IP=58,KR) 59.187.218.7 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=7,KR) 59.187.221.12 32 wmp None 2021-04-20 00:00:00 2021-07-20 00:00:00 None Palo Alto Suspicious Scan Activity (IP=12,KR) 59.20.196.35 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None KR TO-S-2020-0698 Malware Activity 59.23.179.38 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 59.36.160.84 32 wmp None 2021-02-18 00:00:00 2021-05-18 00:00:00 None Firepower Suspicious Scan Activity (IP=84,CN) 59.45.108.94 24 FT None 2020-10-17 00:00:00 2021-01-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=94,CN) | updated by FT Block expiration extended with reason SERVER-WEBAPP vBulletin pre-authenticated command injection attempt (1:51620:4)- SourceFire (IP=94,CN) 59.48.102.174 24 RR None 2020-10-20 00:00:00 2021-01-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=174,CN) 59.53.182.34 24 GM None 2021-03-04 00:00:00 2021-06-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=34,CN) 59.55.6.42 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=42,CN) 59.60.117.163 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=163,CN) 59.63.224.116 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case 
#Firepower Firepower (IP=116,CN) 59.7.50.57 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=57,KR) 59.88.0.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 59.88.137.58 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=58,IN) 59.89.128.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 59.89.88.41 24 RW None 2020-11-27 00:00:00 2021-02-25 00:00:00 None FTP Login Failed - 6hr failed logons (IP=41,IN) 59.9.157.71 24 WR None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Sourcefire Report (IP=71,KR) 59.90.32.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Web Application Activity 59.92.217.163 24 GM None 2020-10-31 00:00:00 2021-01-31 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=163,IN) 59.92.219.45 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=45,IN) 59.93.16.0 20 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=0,IN) 59.93.19.252 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=252,IN) 59.93.21.148 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=148,IN) 59.94.180.72 24 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - IPS Events (IP=72,AU) 59.94.181.130 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=130,IN) 59.94.181.171 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=171,IN) 59.94.181.25 32 wmp None 2021-04-20 00:00:00 2021-07-20 00:00:00 None Palo Alto Suspicious Scan Activity (IP=25,IN) 59.94.182.88 32 srm 
None 2021-04-22 00:00:00 2021-07-21 00:00:00 None Firepower Suspicious Scan Activity (IP=88,IN) 59.94.183.55 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=55,IN) 59.94.205.2 24 RR None 2021-05-11 00:00:00 2021-08-09 00:00:00 None FTP Login Failed - Failed Logons (IP=2,IN) 59.95.160.0 20 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=0,IN) 59.95.173.251 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=251,IN) 59.96.128.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malware Activity 59.96.142.217 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IN TO-S-2020-0331 Malicious Reconnaissance Activity 59.96.38.108 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=108,IN) 59.96.38.167 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=167,IN) 59.96.39.116 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=116,IN) 59.96.39.90 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=90,IN) 59.97.168.182 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=182,IN) 59.97.168.232 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=232,IN) 59.97.168.71 32 wmp None 2021-05-13 00:00:00 2021-08-13 00:00:00 None Palo Alto Suspicious Scan Activity (IP=71,IN) 59.97.172.137 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=137,IN) 59.97.172.90 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=90,IN) 59.97.173.117 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=117,IN) 59.97.173.157 32 srm None 2021-03-31 00:00:00 
2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=157,IN) 59.97.175.168 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=168,IN) 59.97.238.92 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=92,IN) 59.97.240.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IN Hive Case 4237 TO-S-2021-0910 Malware Activity 59.97.252.140 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 59.98.224.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IN) 59.98.253.67 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Email Activity 59.99.128.0 20 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=0,IN) 59.99.137.154 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=154,IN) 59.99.190.8 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=8,IN) 59.99.219.235 32 FT None 2020-12-17 00:00:00 2021-03-17 00:00:00 None SQL union select - possible sql injection attempt - POST parameter - 6hr Web Attacks (IP=235,IN) 59.99.41.153 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=153,IN) 59.99.41.55 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=55,IN) 59.99.43.0 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=0,IN) 59.99.43.70 32 wmp None 2021-05-04 00:00:00 2021-08-04 00:00:00 None Palo Alto Suspicious Scan Activity (IP=70,IN) 59.99.44.208 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=208,IN) 59.99.44.89 32 srm None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Firepower Suspicious Scan Activity (IP=89,IN) 59.99.46.143 32 srm None 
2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=143,IN) 59.99.46.216 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=216,IN) 59.99.47.80 24 GM None 2021-01-26 00:00:00 2021-04-26 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=80,IN) 59.99.86.83 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=83,IN) 59.99.87.24 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=24,IN) 59.99.94.148 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=148,IN) 60.125.114.64 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None JP TO-S-2021-0876 Hive Case 4166 Malware Activity 60.16.8.172 24 BMP None 2020-12-14 00:00:00 2021-03-14 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - 6hr Web Attacks (IP=172,CN) 60.162.122.36 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=36,CN) 60.164.243.198 24 BMP None 2020-12-15 00:00:00 2021-03-15 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=198,CN) 60.167.239.136 24 RR None 2021-03-08 00:00:00 2021-06-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=136,CN) 60.171.154.30 24 KD None 2021-06-02 00:00:00 2021-08-31 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt- Web Attacks (IP=30,CN) 60.172.42.234 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks(IP=234,CN) 60.173.199.180 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=180,CN) 60.174.244.53 24 RW None 2021-03-06 00:00:00 2021-06-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=53,CN) 60.175.124.27 32 srm None 2021-03-31 00:00:00 2021-06-29 
00:00:00 None Firepower Suspicious Scan Activity (IP=27,CN) 60.175.90.102 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=102,CN) 60.2.245.26 24 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=26,CN) 60.20.217.142 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=142,CN) 60.205.186.13 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=13,CN) 60.220.20.199 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=199,CN) 60.220.94.216 32 wmp None 2021-04-27 00:00:00 2021-07-27 00:00:00 None Palo Alto Suspicious Scan Activity (IP=216,CN) 60.222.87.246 24 DT None 2021-09-12 00:00:00 2021-12-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=246,CN) 60.223.84.102 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=102,CN) 60.224.142.10 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None AU TO-S-2020-0303 Malicious Email Activity 60.243.140.94 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IN TO-S-2020-0535 Malware Activity 60.243.169.218 24 FT None 2020-10-05 00:00:00 2021-01-05 00:00:00 None SERVER-WEBAPP Ruby on Rails render file directory traversal attempt - SourceFire (IP=218,IN) 60.243.246.94 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IN TO-S-2020-0303 Malicious Web Application Activity 60.246.0.0 19 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None MO Hive Case 4237 TO-S-2021-0910 Malicious Reconnaissance Activity 60.246.65.138 24 BMP None 2020-12-21 00:00:00 2021-08-17 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=138,MO) | updated by WR Block was inactive.
Reactivated on 20210519 with reason HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=138,MO) 60.248.167.26 32 FT None 2020-12-08 00:00:00 2021-03-08 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - Web Attacks (IP=26,TW) 60.249.123.105 24 GM None 2021-02-14 00:00:00 2021-12-01 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=105,TW) | updated by BB Block was inactive. Reactivated on 20210902 with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=105,TW) 60.25.0.53 32 wmp None 2021-04-29 00:00:00 2021-07-29 00:00:00 None Palo Alto Suspicious Scan Activity (IP=53,CN) 60.25.159.146 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=146,CN) 60.250.137.144 24 RR None 2020-12-14 00:00:00 2021-12-13 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=144,TW) | updated by RB Block expiration extended with reason SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Sourcefire (IP=144,TW) 60.255.229.75 24 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=75,CN) 60.26.104.150 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=150,CN) 60.30.17.20 24 RB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=20,CN) 60.51.18.217 24 RW None 2021-01-04 00:00:00 2021-04-04 00:00:00 None Authentication Failure - 6 hr failed logons (IP=217,MY) 60.7.10.121 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=121,CN) 60.7.222.2 24 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=2,CN) 60.71.27.87 24 KH None 2021-08-17 00:00:00 
2021-11-15 00:00:00 None HTTP: Apache Struts2 XML Deserialization Remote Code Execution (CVE-2017-9805) - IR# 21C01567 (IP=87,JP) 60.8.87.190 24 BMP None 2021-06-03 00:00:00 2021-09-01 00:00:00 None SSH2 Failed Login Attempt - 6hr Failed Logons (IP=190,CN) 61.0.145.187 24 RR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=187,IN) 61.0.80.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 61.1.128.0 20 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None IN TO-S-2020-0838 Malware Activity 61.102.209.52 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=52,KR) 61.115.36.124 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None JP TO-S-2020-0493 Malware Activity 61.130.29.5 24 RW None 2021-07-05 00:00:00 2021-10-03 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=5,CN) 61.137.154.174 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=174,CN) 61.140.163.217 24 RW None 2020-11-02 00:00:00 2021-02-02 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=217,CN) 61.141.87.39 24 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=39,CN) 61.142.254.70 24 AR None 2021-08-22 00:00:00 2021-11-20 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=70,CN) 61.146.108.150 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=150,CN) 61.147.15.66 32 wmp None 2021-06-14 00:00:00 2021-09-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=66,CN) 61.149.8.90 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00
None Firepower Suspicious Scan Activity (IP=90,CN) 61.152.197.41 24 KH None 2021-08-17 00:00:00 2021-11-15 00:00:00 None Generic URI Injection wget Attempt - FE IPS (IP=41,CN) 61.154.138.108 24 BMP None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Sourcefire (IP=108,CN) 61.154.138.108 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks(IP=108, CN) 61.154.138.108 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - Source Fire (IP=108,CN) 61.155.0.253 24 DT None 2020-09-12 00:00:00 2021-08-20 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=113,CN) | updated by RB Block was inactive. Reactivated on 20210517 with reason SERVER-WEBAPP Zeroshell Linux Router command injection attempt - 6hr web attacks (IP=253,CN) 61.155.0.253 24 RR None 2021-05-22 00:00:00 2021-08-20 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=113,CN) | updated by RB Block was inactive. Reactivated on 20210517 with reason SERVER-WEBAPP Zeroshell Linux Router command injection attempt - 6hr web attacks (IP=253,CN) 61.155.0.253 24 RB None 2021-05-17 00:00:00 2021-08-20 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt - Sourcefire (IP=113,CN) | updated by RB Block was inactive.
Reactivated on 20210517 with reason SERVER-WEBAPP Zeroshell Linux Router command injection attempt - 6hr web attacks (IP=253,CN) 61.155.142.123 24 RR None 2021-05-22 00:00:00 2021-08-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=123,CN) 61.155.142.126 24 BMP None 2021-05-05 00:00:00 2021-08-03 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=126,CN)101.0.49.236/32 61.157.158.246 24 BMP None 2020-10-12 00:00:00 2021-01-12 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr Web Attacks (IP=246,CN) 61.157.198.130 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=130,CN) 61.16.140.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malware Activity 61.161.206.82 24 GM None 2021-02-21 00:00:00 2021-05-22 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - Sourcefire (IP=82,CN) 61.161.86.194 24 RR None 2020-10-15 00:00:00 2021-01-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=194,CN) 61.163.137.143 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=143,CN) 61.164.160.131 24 RB None 2021-04-13 00:00:00 2021-07-12 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=131,CN) 61.164.160.131 24 EE None 2021-04-13 00:00:00 2021-07-12 00:00:00 None HTTP: PHP Remote Code Execution Vulnerability (CVE-2018-20062) - Web Attack (IP=131,CN) 61.164.41.153 24 EE None 2021-04-13 00:00:00 2021-07-12 00:00:00 None SERVER-WEBAPP PHPUnit
PHP remote code execution attempt (1:45749:2) Sourcefire (IP=153,CN) 61.167.36.19 24 RR None 2020-11-16 00:00:00 2021-02-14 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - SourceFire (IP=19,CN) 61.179.171.60 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=60,CN) 61.18.112.48 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=48,HK) 61.180.230.174 24 BMP None 2021-02-17 00:00:00 2021-05-16 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=174,CN) 61.182.111.170 24 UA None 2021-08-13 00:00:00 2021-11-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons - (IP=170,CN) 61.185.30.186 24 BMP None 2020-10-12 00:00:00 2021-01-12 00:00:00 None SERVER-WEBAPP vBulletin template rendering arbitrary PHP code execution attempt - 6hr Web Attacks (IP=186,CN) 61.188.211.153 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks(IP=153, CN) 61.19.240.0 20 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None TH TO-S-2021-0876 Hive Case 4166 Malware Activity 61.19.96.0 19 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TH Hive Case 4237 TO-S-2021-0910 Malware Activity 61.2.21.244 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IN TO-S-2020-0535 Malware Activity 61.216.147.167 24 JKC None 2020-04-13 00:00:00 2021-04-13 00:00:00 None CTR-20-0628 MALWARE CAMPAIGN HIVE CASE #2510 (ip=167, TW) 61.216.154.128 24 UA None 2021-06-22 00:00:00 2021-09-22 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) (IP=128,TW) 61.216.84.66 24 JKC None 2020-04-13 00:00:00 2021-04-13 00:00:00 None CTR-20-0628 MALWARE CAMPAIGN HIVE CASE #2510 (IP=66, TW) 61.219.11.153 32 wmp None 2021-03-11 00:00:00 2021-06-11 00:00:00 None ArcSight High Attacker 
(IP=153,TW) 61.219.193.240 24 RR None 2020-10-12 00:00:00 2021-01-10 00:00:00 None INDICATOR-SCAN PHP backdoor scan attempt - SourceFire (IP=240,TW) 61.220.144.123 24 JKC None 2020-04-13 00:00:00 2021-04-13 00:00:00 None CTR-20-0628 MALWARE CAMPAIGN HIVE CASE #2510 (IP=123, TW) 61.220.197.211 24 UA None 2021-08-04 00:00:00 2021-11-02 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=211,TW) 61.223.188.242 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=242,TW) 61.223.7.52 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=52,TW) 61.227.181.84 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=84,TW) 61.227.91.150 24 WR None 2021-05-27 00:00:00 2021-08-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - SourceFire (IP=150,TW) 61.230.128.34 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=34,TW) 61.230.171.187 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 61.239.40.179 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None HK TO-S-2020-0298 Malicious Email Activity 61.242.40.190 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None Palo Alto Suspicious Scan Activity (IP=190,CN) 61.242.40.247 32 srm None 2021-05-19 00:00:00 2021-08-17 00:00:00 None Firepower Suspicious Scan Activity (IP=247,CN) 61.242.40.45 32 srm None 2021-05-14 00:00:00 2021-08-12 00:00:00 None Firepower Suspicious Scan Activity (IP=45,CN) 61.242.40.84 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=84,CN) 61.242.54.122 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=122,CN) 61.242.54.59 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=59,CN) 61.242.54.77 24 FT None 
2021-03-19 00:00:00 2021-06-19 00:00:00 None No Authentication Required - 6hr Failed Logons (IP=77,CN) 61.242.58.79 24 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=79,CN) 61.243.4.168 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=168,CN) 61.245.160.0 20 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None LK TO-S-2020-0838 Malware Activity 61.246.59.150 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None IN TO-S-2020-0236 Malicious Reconnaissance Activity 61.247.176.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BD TO-S-2020-0331 Malicious Web Application Activity 61.247.224.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IN Hive Case 4187 TO-S-2021-0898 Malware Activity 61.3.124.100 24 GM None 2021-01-30 00:00:00 2021-04-30 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=100,IN) 61.3.144.172 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=172,IN) 61.3.150.2 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt (1:46624:2) - Sourcefire (IP=2,IN) 61.3.155.9 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None Palo Alto Suspicious Scan Activity (IP=9,IN) 61.3.158.253 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=253,IN) 61.3.208.0 20 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,IN) 61.3.57.34 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 61.34.80.206 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 61.37.150.6 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=6,KR) 61.38.252.146 32 dbc None 2020-06-10 00:00:00 
2021-06-10 00:00:00 None KR TO-S-2020-0601 Malicious Web Application Activity 61.4.112.104 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 61.43.129.122 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=122,KR) 61.5.28.59 24 SW None 2021-05-26 00:00:00 2021-08-24 00:00:00 None INDICATOR-SCAN SSH brute force login 61.5.52.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None ID Hive Case 4237 TO-S-2021-0910 Malware Activity 61.52.11.87 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=87,CN) 61.52.246.101 32 wmp None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Palo Alto Suspicious Scan Activity (IP=101,CN) 61.52.49.251 32 wmp None 2021-04-23 00:00:00 2021-07-23 00:00:00 None Palo Alto Suspicious Scan Activity (IP=251,CN) 61.52.58.227 32 wmp None 2021-04-23 00:00:00 2021-07-23 00:00:00 None Palo Alto Suspicious Scan Activity (IP=227,CN) 61.52.59.218 24 GM None 2020-11-20 00:00:00 2021-02-20 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=218,CN) 61.52.61.122 24 EE None 2020-12-07 00:00:00 2021-03-07 00:00:00 None POLICY-OTHER SAP NetWeaver AS LM - SourceFire (IP=122,CN) 61.52.9.166 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=166,CN) 61.53.117.8 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=8,CN) 61.53.157.77 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=77,CN) 61.53.170.66 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=66,CN) 61.53.35.68 32 wmp None 2021-04-22 00:00:00 2021-07-22 00:00:00 None Palo Alto Suspicious Scan Activity (IP=68,CN) 61.53.38.169 24 KH None 2021-08-27 00:00:00 2021-11-25 00:00:00 None SERVER-WEBAPP GPON Router authentication bypass and command injection attempt 
(1:46624:2) - Sourcefire (IP=169,CN) 61.53.50.65 24 JKC None 2021-08-30 00:00:00 2021-11-28 00:00:00 None HIVE Case #NA AC HUNTER Malicious websites (IP=65,CN) 61.53.75.196 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=196,CN) 61.53.75.220 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=220,CN) 61.53.97.170 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=170,CN) 61.54.252.175 24 FT None 2020-10-25 00:00:00 2021-01-25 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=175,CN) 61.54.56.54 24 GM None 2020-11-22 00:00:00 2021-02-22 00:00:00 None Generic URI Injection wget Attempt - FireEye (IP=54,CN) 61.57.231.230 24 DT None 2021-06-21 00:00:00 2021-09-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=230,TW) 61.58.100.220 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 61.58.170.60 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=60,TW) 61.6.204.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BN TO-S-2020-0331 Malicious Web Application Activity 61.6.254.4 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=4,BN) 61.63.0.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TW Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 61.65.172.121 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=121,TW) 61.7.128.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 61.7.168.241 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TH TO-S-2020-0298 Malicious Email Activity 61.7.186.211 32 dbc None 2020-02-20 00:00:00 2021-02-20 
00:00:00 None TH TO-S-2020-0303 Malicious Email Activity 61.7.191.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TH TO-S-2020-0331 Malicious Web Application Activity 61.74.186.164 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=164,KR) 61.76.218.161 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KR TO-S-2020-0331 Malicious Web Application Activity 61.76.87.181 24 GM None 2020-10-02 00:00:00 2021-01-02 00:00:00 None FTP Login Failed - Failed Logons (IP=181,KR) 61.81.69.16 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None KR TO-S-2020-0303 Malicious Email Activity 61.84.162.86 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KR TO-S-2020-0298 Malicious Email Activity 61.90.204.67 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None TH TO-S-2020-0601 Malicious Web Application Activity 61.91.32.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,TH) 61.91.53.122 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TH TO-S-2020-0298 Malicious Email Activity 61.92.159.208 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None HK TO-S-2021-0876 Hive Case 4166 Malware Activity 61.92.79.48 32 KF None 2019-08-28 00:00:00 2021-11-03 00:00:00 None Immediate Inbound Network Block - TT# 19C03021 (IP=48,US) | updated by dbc Block was inactive. 
Reactivated on 20201103 with reason HK Hive Case 4237 TO-S-2021-0910 Malicious Reconnaissance Activity 62.1.201.120 24 RW None 2020-10-28 00:00:00 2021-01-28 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - 6hr web attacks (IP=120,HK) 62.100.224.51 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=51,HU) 62.108.32.104 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None DE TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 62.108.35.26 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 62.108.37.148 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None DE TO-S-2021-0949 Hive Case 4363 Malicious Email Activity 62.109.18.130 24 DT None 2021-03-08 00:00:00 2021-06-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=130,RU) 62.109.19.125 24 RR None 2021-03-22 00:00:00 2021-08-31 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=125,RU) | updated by KD Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability- Web Attacks (IP=125,RU) HTTP: ThinkPHP CMS Getshell Vulnerabili 62.109.19.125 24 KD None 2021-06-02 00:00:00 2021-08-31 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=125,RU) | updated by KD Block expiration extended with reason HTTP: ThinkPHP CMS Getshell Vulnerability- Web Attacks (IP=125,RU) HTTP: ThinkPHP CMS Getshell Vulnerabili 62.109.27.89 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=89,RU) 62.11.89.25 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity 62.117.152.250 24 GM None 2021-01-11 00:00:00 2021-04-11 00:00:00 None SQL use of concat function with select - likely SQL injection - Sourcefire (IP=250,ES) 62.117.153.143 24 RB 
None 2021-01-09 00:00:00 2021-04-09 00:00:00 None Hive Case #4714 (IP=143,ES) 62.119.151.62 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SE TO-S-2020-0459 Malware Activity 62.12.108.94 24 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=94,CN) 62.12.164.26 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None CH TO-S-2021-0941 Hive Case 4361 Malware Activity 62.121.96.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None OM Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 62.122.137.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,TJ) 62.122.96.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity 62.128.59.61 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 62.138.143.127 32 wmp None 2020-10-26 00:00:00 2021-11-03 00:00:00 None HIVE Case #4196 COLS-NA-TIP-20-0323 (IP=127,ES) | updated by dbc Block expiration extended with reason FR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 62.14.232.3 24 RW None 2021-02-18 00:00:00 2021-05-18 00:00:00 None SSH2 Failed Login Attempt - 6 hr failed logons (IP=3,ES) 62.14.235.247 32 wmp None 2020-09-16 00:00:00 2021-10-29 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=247,ES) | updated by dbc Block expiration extended with reason ES Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 62.140.224.0 19 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity 62.141.35.225 32 DT None 2021-09-11 00:00:00 2021-12-10 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script Injection - TT# Paper TT 004 62.141.36.198 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 62.149.144.66 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None 
Unaffiliated TO-S-2020-0503 Malicious Email Activity 62.150.139.47 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KW TO-S-2020-0298 Malicious Email Activity 62.151.176.26 24 GM None 2021-04-14 00:00:00 2021-07-14 00:00:00 None SERVER-OTHER Adobe ColdFusion unauthenticated file upload attempt - Web Attacks (IP=86,ES) 62.151.182.85 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 62.151.183.35 32 BMP None 2021-09-03 00:00:00 2021-12-02 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - Web Attacks (IP=212,US) 62.162.145.216 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MK TO-S-2020-0331 Malicious Web Application Activity 62.163.215.76 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 62.165.249.246 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HU TO-S-2020-0331 Malicious Web Application Activity 62.171.130.34 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 62.171.131.121 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 62.171.133.153 24 RR None 2021-06-19 00:00:00 2021-09-18 00:00:00 None SQL 1 = 0 - possible sql injection attempt - SourceFire (IP=153,DE) | updated by RR Block expiration extended with reason SQL 1 = 1 - possible sql injection attempt - SourceFire (IP=153,DE) 62.171.136.40 32 wmp None 2020-07-17 00:00:00 2021-09-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=40,GB) | updated by dbc Block expiration extended with reason DE TO-S-2020-0805 Malicious Email Activity 62.171.137.194 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 62.171.138.225 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance 
Activity 62.171.142.161 32 dbc None 2020-06-08 00:00:00 2021-06-10 00:00:00 None DE TO-S-2020-0592 Malware Activity | updated by dbc Block expiration extended with reason Unaffiliated TO-S-2020-0601 Malicious Email Activity 62.171.158.219 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 62.171.177.17 24 RW None 2021-01-16 00:00:00 2021-04-16 00:00:00 None Nuclei Vulnerability Scanner - Fireeye IPS (IP=17,DE) 62.171.179.144 32 wmp None 2021-06-17 00:00:00 2021-09-17 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=144,DE) 62.171.179.144 24 RT None 2021-06-17 00:00:00 2021-09-15 00:00:00 None Phish.URL - Hive Case 5641 (IP=144,DE) 62.171.179.56 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=56,DE) 62.173.152.146 32 NAB None 2020-10-28 00:00:00 2021-01-26 00:00:00 None HIVE Case #4192 COLS-NA-TIP-20-0322 (IP=146,RU) 62.182.82.201 24 CR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire dashboard (IP=201,UA) 62.182.99.115 32 nab None 2021-01-06 00:00:00 2021-04-06 00:00:00 None HIVE Case #4689 Hack the Army (IP=115,US) 62.182.99.145 24 RR None 2021-01-07 00:00:00 2021-04-07 00:00:00 None File /etc/passwd Access Attempt Detect - IPS Events (IP=145,NL) 62.194.161.222 24 FT None 2020-10-09 00:00:00 2021-01-09 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=222,NL) 62.197.222.199 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None SK TO-S-2020-0303 Malicious Email Activity 62.20.1.160 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SE
TO-S-2020-0459 Malware Activity 62.201.172.58 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=58,DE) 62.201.217.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IQ TO-S-2020-0331 Malicious Web Application Activity 62.201.252.0 22 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None IQ TO-S-2020-0805 Malicious Web Application Activity 62.210.111.127 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=127,FR) 62.210.111.127 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=127,FR) 62.210.116.104 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 62.210.119.213 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 62.210.142.107 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=107,FR) 62.210.16.61 32 djs None 2015-08-10 05:00:00 2021-06-10 00:00:00 None Malware.DTI.Callback maid=6859 (ip=61,FR) | updated by dbc Block was inactive. 
Reactivated on 20200610 with reason Unaffiliated TO-S-2020-0601 Malicious Email Activity 62.210.172.66 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None FR TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 62.210.177.42 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None FR TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 62.210.178.67 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=67,FR) 62.210.180.8 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None FR TO-S-2021-1007 Malware Activity 62.210.192.226 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None FR Hive Case 4237 TO-S-2021-0910 Malicious Reconnaissance Activity 62.210.244.146 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 62.210.252.232 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malware Activity 62.210.26.216 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None US TO-S-2020-0419 Malicious Email Activity 62.210.32.36 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malware Activity 62.210.32.9 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malware Activity 62.210.53.55 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None FR TO-S-2020-0236 Malicious Email Activity 62.210.79.219 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None FR TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 62.210.8.216 32 BMP None 2020-12-15 00:00:00 2021-03-15 00:00:00 None SIP Express Router Contact Header Buffer Overflow - TT# 21C00289 (IP=216,FR) 62.210.84.60 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None FR TO-S-2020-0369 Malicious Email Activity 62.212.34.68 24 BB None 2021-07-25 00:00:00 2021-10-23 00:00:00 None ABC SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - ABC 
Report (IP=68,GE) 62.212.86.154 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None NL TO-S-2020-0369 Malicious Email Activity 62.212.87.133 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=133,NL) 62.212.90.167 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=167,NL) 62.213.67.0 24 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None RU TO-S-2020-0750 Malicious Email Activity 62.215.103.121 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KW Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 62.221.144.141 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 62.221.207.207 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 62.23.195.235 24 RW None 2021-08-24 00:00:00 2021-11-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=235,AT) 62.231.95.188 32 wmp None 2021-04-17 00:00:00 2021-07-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=188,RO) 62.233.120.26 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 62.234.123.152 24 BB None 2021-07-31 00:00:00 2021-10-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=152,CN) 62.234.32.95 32 DT None 2020-10-16 00:00:00 2021-01-16 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00136 (IP=95,CN) 62.24.108.0 23 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KE TO-S-2020-0331 Malicious Web Application Activity 62.24.120.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KE TO-S-2020-0331 Malicious Web Application Activity 62.240.53.66 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None LY TO-S-2020-0298 Malicious Email Activity 62.240.7.0 24 dbc 
None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RS Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 62.248.2.222 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 62.248.27.91 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None TR TO-S-2021-1007 Malware Activity 62.28.137.41 24 BB None 2021-07-31 00:00:00 2021-10-29 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=41,PT) 62.28.16.136 24 RR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None FTP Login Failed - Failed Logons (IP=136,PT) 62.31.181.69 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None GB TO-S-2020-0698 Malware Activity 62.32.94.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,RU) 62.33.138.6 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=6,RU) 62.38.158.49 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GR TO-S-2020-0331 Malicious Web Application Activity 62.4.12.43 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 62.4.16.86 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 62.4.160.22 32 TLM None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=22,BE) 62.4.18.229 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Email Activity 62.4.18.255 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 62.4.25.2 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 62.4.32.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ME TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 62.45.109.181 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None 
NL TO-S-2020-0698 Malware Activity 62.48.200.195 24 GM None 2021-02-24 00:00:00 2021-06-24 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attacks (IP=195,PT) 62.69.133.114 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity 62.73.4.47 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=47,FR) 62.75.141.82 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None FR TO-S-2021-0876 Hive Case 4166 Malware Activity 62.75.143.135 24 KD None 2021-09-01 00:00:00 2021-12-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- TT# 21C01708 (IP=135,FR) 62.75.143.15 32 TLM None 2021-06-25 00:00:00 2021-12-25 00:00:00 None HIVE Case #5704 TO-S-2021-1357 (IP=15,FR) 62.75.159.60 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 62.77.33.18 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None IT TO-S-2020-0228 Malicious Email Activity 62.80.103.208 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None DE TO-S-2020-0750 Malicious Email Activity 62.81.255.4 24 UA None 2021-08-15 00:00:00 2021-11-13 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=4,ES) 62.86.203.177 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity 62.86.25.151 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity 62.86.6.98 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity 62.90.118.210 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=210,IL) 62.92.224.34 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None NO TO-S-2021-1007 Malicious Email Activity 63.123.140.116 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=116,US) 63.135.90.71 32 dbc None 2020-05-22 00:00:00 
2021-05-27 00:00:00 None Unaffiliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unaffiliated TO-S-2020-0559.01 Malicious Email Activity 63.140.91.151 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=151,US) 63.141.233.130 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 63.141.243.98 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 63.141.244.210 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 63.141.254.194 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 63.141.48.127 32 ebt None 2021-01-06 00:00:00 2021-04-06 00:00:00 None HIVE Case #4689 Hack the Army (IP=127,US) 63.142.252.21 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity 63.149.129.34 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=34,US) 63.215.202.137 32 NAB None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HIVE Case #NA FP Security (IP=137,NL) 63.225.255.250 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=250,US) 63.225.31.114 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=114,US) 63.237.69.254 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=254,US) 63.237.69.254 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None Web (HTTP) Attacks (IP=254,US) 63.237.69.254 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None Web (HTTP) Attacks (IP=254,US) 63.237.69.254 32 GLM None 2021-04-05 00:00:00 2021-07-04 00:00:00 None Web (HTTP) Attacks (IP=254,US) 63.240.155.81 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 63.247.183.10 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE 
Case #4064 TO-S-2020-0859 (IP=10,US) 63.250.36.8 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Email Activity 63.250.37.39 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 63.250.38.201 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 63.250.38.217 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 63.250.38.5 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 63.250.38.65 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 63.250.40.88 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=88,US) 63.250.41.69 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 63.250.43.14 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=14,US) 63.250.43.3 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=3,US) 63.250.45.214 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=214,US) 63.250.45.43 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 63.251.108.107 32 GLM None 2018-10-01 05:00:00 2021-09-19 00:00:00 None APP-DETECT SSH server detected on non-standard port (IP=107,US) | updated by RR with reason APP-DETECT SSH server detected on non-standard port - SourceFire (IP=107,US) | updated by DT Block was inactive. 
Reactivated on 20210621 with reason APP-DETE 63.42.29.109 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=109,US) 63.97.158.115 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 64.111.100.68 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 64.111.120.185 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 64.111.199.222 32 dbc None 2015-02-02 06:00:00 2021-04-25 00:00:00 None Exploit.Kit.Malvertisement (ip=222, US) | updated by NAB Block was inactive. Reactivated on 20210125 with reason HIVE Case #NA FP Security (IP=222,US) 64.111.26.213 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=213,US) 64.111.98.92 32 EE None 2021-03-15 00:00:00 2021-06-13 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=92, US) 64.118.87.10 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 64.119.27.227 24 CR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None INDICATOR-SCAN SSH brute force login attempt- Sourcefire (IP=227,MN) 64.12.68.11 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 64.13.232.125 32 NAB None 2021-07-19 00:00:00 2021-10-17 00:00:00 None HIVE Case #NA FP Security (IP=125,US) 64.131.83.90 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 64.146.249.130 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=130,US) 64.147.114.15 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 64.15.129.118 24 RR None 2021-08-31 00:00:00 2021-11-29 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt - SourceFire (IP=118,CA) 64.15.147.113 24 
BMP None 2021-01-27 00:00:00 2021-04-27 00:00:00 None Phish.LIVE.DTI.URL - CMS Report (IP=113,CA) 64.150.186.142 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 64.150.231.6 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BS TO-S-2020-0298 Malicious Email Activity 64.151.229.5 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 64.17.27.47 32 RR None 2021-07-20 00:00:00 2021-10-18 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (IP=47,US) 64.17.27.51 32 KH None 2021-08-30 00:00:00 2021-11-28 00:00:00 None Arbitrary command execution attempt - ABC Report (IP=51,US) 64.18.251.242 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=242,US) 64.183.73.122 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 64.185.124.69 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=69,US) 64.188.1.2 32 GM None 2019-09-24 00:00:00 2021-04-23 00:00:00 None SQL HTTP URI blind injection attempt - Web Attacks (IP=2,US) | updated by dbc Block was inactive. 
Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 64.188.17.209 32 srm None 2020-12-14 00:00:00 2021-12-18 00:00:00 None HIVE Case #4554 COLS-NA-TIP-20-0402 (IP=209,US) | updated by dbc Block expiration extended with reason US TO-S-2021-1007 Malicious Email Activity 64.188.19.117 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None US TO-S-2020-0236 Malware Activity 64.188.21.219 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Command and Control Exploit 64.188.25.205 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malicious Email Activity 64.188.26.36 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 64.20.33.66 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 64.20.34.139 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 64.20.51.18 32 RR None 2019-09-14 00:00:00 2021-04-23 00:00:00 None SQL HTTP URI blind injection attempt - SourceFire (IP=18,US) | updated by dbc Block was inactive. 
Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 64.202.185.111 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 64.207.156.170 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=170,US) 64.22.104.171 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 64.222.111.207 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=207,US) 64.225.0.15 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - Sourcefire Rpt (IP=15,US) 64.225.0.15 24 BMP None 2021-06-18 00:00:00 2021-09-16 00:00:00 None INDICATOR-OBFUSCATION select concat statement - possible sql injection (1:19437:6) - SourceFire (IP=15,SG) 64.225.10.143 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - Sourcefire Rpt (IP=143,US) 64.225.100.153 24 RB None 2021-05-01 00:00:00 2021-07-30 00:00:00 None SQL injection - 6hr web attacks (IP=153,DE) 64.225.101.39 24 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SQL injection - 6hr failed logons (IP=39 DE) 64.225.102.174 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=174,DE) 64.225.103.241 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=241,DE) 64.225.104.174 24 RB None 2021-05-01 00:00:00 2021-07-30 00:00:00 None SQL injection - 6hr web attacks (IP=174,DE) 64.225.105.62 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=62,DE) 64.225.107.4 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=4,DE) 64.225.108.211 24 RB None 2021-05-01 00:00:00 2021-07-30 00:00:00 None SQL injection - 6hr web attacks (IP=211,DE) 64.225.109.223 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL 
injection - 6hr web attacks (IP=223,DE) 64.225.111.50 24 RB None 2021-05-03 00:00:00 2021-08-01 00:00:00 None SQL injection - 6hr failed logons (IP=50 DE) 64.225.14.234 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 64.225.17.36 32 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=36,US) 64.225.19.142 24 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SQL Injection - 6hr Web Attacks (IP=142,CA) 64.225.2.212 32 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP JBoss web console access attempt (1:24342:4) - Sourcefire Rpt (IP=212,US) 64.225.23.171 32 DT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-WEBAPP WordPress Yuzo Related Posts plugin cross site scripting attempt (1:49796:1) - Source Fire (IP=171,US) 64.225.26.234 32 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=234 US) 64.225.26.85 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=85,CA) 64.225.30.230 32 DT None 2021-06-18 00:00:00 2021-09-17 00:00:00 None SERVER-WEBAPP Ruby on Rails render file directory traversal attempt (1:51261:1) - Source Fire (IP=230,US) | updated by RR Block expiration extended with reason SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt - 64.225.4.154 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=154,CA) 64.225.47.60 32 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=60,US) 64.225.49.7 32 ZH None 2021-07-12 00:00:00 2021-10-10 00:00:00 None HTTP Request Brute Force Attack - 6hr Failed Logons (IP=7,US) 64.225.51.190 32 BMP None 2021-06-15 00:00:00 
2021-09-13 00:00:00 None SQL injection - 6hr Web Attacks (IP=19,US) 64.225.51.190 24 BMP None 2021-06-15 00:00:00 2021-09-13 00:00:00 None SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (1:46898:1) - SourceFire (IP=190,MA) 64.225.54.149 32 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=149,US) 64.225.55.102 32 BMP None 2021-06-15 00:00:00 2021-09-13 00:00:00 None SQL injection - 6hr Web Attacks (IP=102,US) 64.225.55.212 32 RB None 2021-06-19 00:00:00 2021-09-17 00:00:00 None SQL injection - 6hr web attacks (IP=212,US) 64.225.59.10 32 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=10,US) 64.225.59.103 32 BMP None 2021-06-15 00:00:00 2021-09-13 00:00:00 None SQL injection - 6hr Web Attacks (IP=103,US) 64.225.59.95 32 BMP None 2021-06-15 00:00:00 2021-09-13 00:00:00 None SQL injection - 6hr Web Attacks (IP=95,US) 64.225.68.233 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 64.225.72.103 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 64.225.73.160 24 KD None 2021-08-24 00:00:00 2021-11-22 00:00:00 None SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt - Web Attacks (IP=160,NL) 64.225.8.41 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 64.225.96.80 24 RB None 2021-05-01 00:00:00 2021-07-30 00:00:00 None SQL injection - 6hr web attacks (IP=80,DE) 64.225.97.224 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=224,DE) 64.225.98.121 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=121,DE) 64.225.99.106 24 RB None 2021-05-02 
00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=106,DE) 64.227.0.15 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=15,US) 64.227.1.97 32 DT None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=97,US) 64.227.106.152 32 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=152,US) 64.227.107.188 32 GM None 2021-01-26 00:00:00 2021-04-26 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=188,US) 64.227.110.8 32 DT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=8,US) 64.227.116.227 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=227,DE) 64.227.118.154 24 RW None 2021-05-01 00:00:00 2021-08-01 00:00:00 None SQL injection - Web attacks (IP=154,DE) 64.227.12.10 32 GM None 2020-11-20 00:00:00 2021-02-20 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt - Sourcefire (IP=10,US) 64.227.120.185 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=185,DE) 64.227.122.118 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None SQL injection - 6hr web attacks (IP=118,DE) 64.227.123.111 24 RB None 2021-05-09 00:00:00 2021-08-07 00:00:00 None SQL injection - 6hr web attacks (IP=111,DE) 64.227.124.41 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=41,DE) 64.227.125.97 24 DT None 2020-10-25 00:00:00 2021-01-25 00:00:00 None Hive Case #4195 (IP=97,DE) 64.227.126.105 24 RB None 2021-05-08 00:00:00 2021-08-06 00:00:00 None SQL injection - 6hr web attacks (IP=105,DE) 64.227.127.59 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SQL injection - 6hr web attacks (IP=59,DE) 64.227.13.71 32 BMP 
None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=71,US) 64.227.15.139 32 GM None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=139,US) 64.227.17.6 32 RB None 2021-01-09 00:00:00 2021-04-11 00:00:00 None Suspicious Scan Activity - Hive Case #4744 (IP=6,US) | updated by BMP Block expiration extended with reason Backdoor.TROCHILUS - Hive Case 4744 (IP=6,US) 64.227.18.4 32 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=4,US) 64.227.19.94 32 RW None 2020-10-28 00:00:00 2021-01-28 00:00:00 None SERVER-WEBAPP Citrix ADC and Gateway information disclosure attempt - 6hr web attacks (IP=94,US) 64.227.2.35 32 AR None 2021-07-10 00:00:00 2021-10-08 00:00:00 None POLICY-OTHER F5 iControl REST interface tm.util.bash invocation attempt (1:57336:1) - SourceFire (IP=35,US) 64.227.22.165 32 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=165,US) 64.227.23.46 32 RB None 2021-01-09 00:00:00 2021-04-11 00:00:00 None Suspicious Scan Activity - Hive Case #4744 (IP=46,US) | updated by BMP Block expiration extended with reason Backdoor.TROCHILUS - Hive Case 4744 (IP=46,US) 64.227.30.204 32 DT None 2021-03-13 00:00:00 2021-06-13 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=204,US) 64.227.32.100 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=100,GB) 64.227.35.132 24 RR None 2020-10-21 00:00:00 2021-01-19 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - SourceFire (IP=132,GB) 64.227.36.4 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability 
(CVE-2017-9841) - 6hr Web Attacks (IP=4,US) 64.227.38.210 24 RW None 2020-10-28 00:00:00 2021-01-28 00:00:00 None SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt (1:45200:2) - Sourcefire (IP=210,GB) 64.227.41.242 24 EE None 2021-01-08 00:00:00 2021-04-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=242,GB) 64.227.43.81 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=81,GB) 64.227.44.54 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=54,GB) 64.227.55.39 32 EE None 2021-01-08 00:00:00 2021-04-08 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=39,US) 64.227.59.185 32 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=185,US) 64.227.59.228 32 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=228,US) 64.227.6.109 32 AR None 2021-07-11 00:00:00 2021-10-09 00:00:00 None SERVER-WEBAPP Symantec Messaging Gateway KavaChart Component directory traversal attempt (1:40451:2) - SourceFire (IP=109,US) 64.227.60.37 32 RB None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=37,US) 64.227.64.63 32 BMP None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=63,US) 64.227.64.63 24 RR None 2021-05-28 00:00:00 2021-09-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=63,NL) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution 
Reactivated on 20210908 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution(CVE-2015-1635) - TT# 21C01786 (IP=146,US) HTTP: Microsoft Windows HTTP.sys Remote Code Execution(CVE-2015-1635) - TT# 21C01786 (IP=146,US) 66.240.236.119 32 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None multiple SQL port scans (ip=119,US) | updated by dlb with reason ET POLICY Suspicious inbound to PostgreSQL port (IP=119, US) | updated by RWB Block was inactive. Reactivated on 20191222 with reason Attempted Information Leak - INDICATOR-SCAN DNS versi 66.240.236.119 32 djs None 2015-02-25 06:00:00 2021-08-12 00:00:00 None multiple SQL port scans (ip=119,US) | updated by dlb with reason ET POLICY Suspicious inbound to PostgreSQL port (IP=119, US) | updated by RWB Block was inactive. Reactivated on 20191222 with reason Attempted Information Leak - INDICATOR-SCAN DNS versi 66.248.205.44 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malware Activity 66.248.206.239 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AU TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 66.249.66.93 32 RB None 2021-02-16 00:00:00 2021-05-16 00:00:00 None Self Report: SRF Production Error - IR# 21C00508 (IP=93,US) 66.249.69.205 32 BMP None 2020-12-12 00:00:00 2021-03-12 00:00:00 None FTP Login Failed - 6 Hr Failed Logons (IP=207,US) 66.249.69.209 32 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None FTP Login Failed - Failed Logons (IP=209,US) 66.249.69.235 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=235,US) 66.249.70.13 32 GM None 2021-01-02 00:00:00 2021-04-02 00:00:00 None FTP Login Failed - Failed Logons (IP=13,US) 66.249.73.109 32 GM None 2020-10-31 00:00:00 2021-01-31 00:00:00 None FTP Login Failed - Failed Logons (IP=109,US) 66.249.75.46 32 GM None 2020-12-17 00:00:00 2021-03-17 00:00:00 None FTP Login Failed - Failed Logons (IP=46,US) 66.251.163.0 24 dbc None 2020-03-04 
00:00:00 2021-03-04 00:00:00 None ZA TO-S-2020-0331 Malicious Web Application Activity 66.254.114.41 32 GED None 2020-12-04 00:00:00 2021-03-04 00:00:00 None HIVE Case #NA FP CIO Policy (IP=41,US) 66.29.135.206 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=206,US) 66.29.141.6 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=6,US) 66.33.212.120 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 66.33.214.4 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 66.33.215.209 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 66.34.200.215 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=215,US) 66.35.84.90 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 66.42.35.25 24 EE None 2021-04-20 00:00:00 2021-12-28 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=25,JP) | updated by EE Block was inactive. Reactivated on 20210929 with reason HIVE Case #6266 IOC_CVE-2021-22005 (IP=25,JP) HIVE Case #6266 IOC_CVE-2021-22005 (IP=25,JP) 66.42.35.25 24 EE None 2021-04-20 00:00:00 2021-12-28 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=25,JP) | updated by EE Block was inactive. Reactivated on 20210929 with reason HIVE Case #6266 IOC_CVE-2021-22005 (IP=25,JP) HIVE Case #6266 IOC_CVE-2021-22005 (IP=25,JP) 66.42.35.25 24 EE None 2021-04-20 00:00:00 2021-12-28 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=25,JP) | updated by EE Block was inactive. Reactivated on 20210929 with reason HIVE Case #6266 IOC_CVE-2021-22005 (IP=25,JP) HIVE Case #6266 IOC_CVE-2021-22005 (IP=25,JP) 66.42.35.25 24 EE None 2021-09-29 00:00:00 2021-12-28 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=25,JP) | updated by EE Block was inactive. 
Reactivated on 20210929 with reason HIVE Case #6266 IOC_CVE-2021-22005 (IP=25,JP) HIVE Case #6266 IOC_CVE-2021-22005 (IP=25,JP) 66.42.35.25 24 EE None 2021-09-29 00:00:00 2021-12-28 00:00:00 None HIVE Case #6266 IOC_CVE-2021-22005 (IP=25,JP) 66.42.37.98 24 RW None 2021-04-29 00:00:00 2021-07-29 00:00:00 None Malicious external IP - Hive Case 5342 (IP=98,JP) 66.42.45.230 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None JP TO-S-2020-0503 Malicious Email Activity 66.42.55.124 24 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None SERVER-WEBAPP PHPMailer command injection remote code execution attempt (1:45917:1) - Sourcefire Report (IP=124,SG) 66.42.55.124 24 RT None 2021-07-01 00:00:00 2021-09-29 00:00:00 None SERVER-WEBAPP PHPMailer command injection remote code execution attempt (1:45917:1) - Sourcefire Report (IP=124,SG) 66.42.63.128 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SG TO-S-2020-0459 Malware Activity 66.42.63.85 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=85,SG) 66.45.229.178 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 66.45.230.219 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 66.45.251.211 32 NAB None 2021-01-29 00:00:00 2021-04-29 00:00:00 None HIVE Case #NA FP Security (IP=211,US) 66.49.201.7 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CA Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 66.55.46.61 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=61,US) 66.58.235.197 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=197,US) 66.61.94.36 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 66.64.245.242 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None Web (HTTP) Attacks (IP=242,US) 66.64.245.242 32 GLM None 2021-04-04 
00:00:00 2021-07-03 00:00:00 None Web (HTTP) Attacks (IP=242,US) Web (HTTP) Attacks (IP=242,US) 66.64.245.242 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None Web (HTTP) Attacks (IP=242,US) 66.64.245.242 32 GLM None 2021-04-04 00:00:00 2021-07-03 00:00:00 None Web (HTTP) Attacks (IP=242,US) Web (HTTP) Attacks (IP=242,US) 66.64.245.242 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=242,US) 66.64.245.242 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=242,US) Web (HTTP) Attacks (IP=242,US) 66.64.5.206 32 wmp None 2019-01-02 06:00:00 2021-04-23 00:00:00 None authentication bypass vulnerability (IP=206,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 66.65.14.225 32 RW None 2021-02-02 00:00:00 2021-05-02 00:00:00 None Authentication Failure - 6 hr failed logons (IP=225,US) 66.66.10.252 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=252,US) 66.7.193.242 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 66.7.197.217 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 66.7.199.235 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 66.70.132.195 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 66.70.157.20 24 BMP None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=20,CA) 66.70.160.187 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 66.70.176.110 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=110,CA) 66.70.176.173 32 BMP None 2020-12-05 00:00:00 2021-03-05 00:00:00 None Unauthorized Access-Probe - TT# 21C00268 
(IP=173,CA) 66.70.188.64 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CA Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 66.70.190.63 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CA TO-S-2020-0331 Malicious Web Application Activity 66.70.201.169 32 BMP None 2021-02-13 00:00:00 2021-05-13 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - IR# 21C00496 (IP=169,CA) 66.70.204.208 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 66.70.204.209 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 66.70.207.201 32 RR None 2021-02-18 00:00:00 2021-05-19 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - IR# 21C00514 (IP=201,CA) 66.75.66.131 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=131,US) 66.8.172.163 32 BMP None 2020-10-16 00:00:00 2021-01-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=163,US) 66.85.228.82 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=82,US) 66.85.47.10 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None US TO-S-2020-0236 Malicious Email Activity 66.85.47.16 32 NAB None 2020-10-28 00:00:00 2021-01-26 00:00:00 None HIVE Case #4192 COLS-NA-TIP-20-0322 (IP=16,US) 66.85.47.248 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 66.85.47.5 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 66.85.47.6 32 JKC None 2020-06-11 00:00:00 2021-08-24 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=6, US) | updated by dbc Block expiration extended with reason US TO-S-2020-0750 Malicious Email Activity 66.85.47.7 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 
66.96.128.60 32 djs None 2015-09-19 05:00:00 2021-04-23 00:00:00 None sql injection attempts (ip=60,US) | updated by ged with reason SQL url ending in comment characters - possible sql injection a | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 66.96.147.105 32 NAB None 2021-01-07 00:00:00 2021-04-08 00:00:00 None HIVE Case #NA FP Security (IP=105,US) | updated by NAB Block expiration extended with reason HIVE Case #NA FP Security (IP=105,US) 66.96.149.18 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 66.96.160.129 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 66.96.183.37 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 66.96.183.62 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 66.96.236.255 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ID TO-S-2020-0298 Malicious Email Activity 66.96.239.34 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ID Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 67.11.226.94 32 DT None 2021-08-26 00:00:00 2021-11-24 00:00:00 None SQL injection - Web Attacks (IP=94,US) 67.140.47.254 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 67.142.101.21 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=21,US) 67.143.180.107 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=107,US) 67.143.192.169 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=169,US) 67.160.50.56 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=56,US) 67.162.105.104 24 BMP None 2020-12-05 00:00:00 2021-03-05 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=104,PK) 67.181.1.122 32 dbc 
None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 67.181.189.202 32 BMP None 2021-01-20 00:00:00 2021-04-21 00:00:00 None Nmap Scanner Traffic Detected - FireEye (IP=202,US) 67.190.69.142 32 GM None 2019-06-29 00:00:00 2021-05-21 00:00:00 None SERVER-WEBAPP Netgear DGN1000 series routers arbitrary command execution attempt - Web Attacks - Web Attacks (IP=142,US) | updated by dbc Block was inactive. Reactivated on 20200521 with reason Unaffiliated TO-S-2020-0535 Malware Activity 67.191.104.229 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=229,US) 67.192.47.224 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 67.195.197.25 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 67.198.188.132 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=132,US) 67.198.232.84 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 67.20.120.139 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=139,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=139,US) 67.20.61.90 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=90,US) 67.20.76.71 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 67.202.43.85 32 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=85,US) 67.202.70.137 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 67.205.10.77 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 67.205.129.128 32 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None 
HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=128,US) 67.205.129.50 32 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=50,US) 67.205.132.189 32 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=189,US) 67.205.134.231 32 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=231,US) 67.205.135.193 32 RW None 2021-01-26 00:00:00 2021-04-26 00:00:00 None Self-Report/Cross-Site Scripting Attempt - TT# 21C00435 (IP=193,US) 67.205.148.65 32 wmp None 2020-10-22 00:00:00 2021-01-20 00:00:00 None HIVE Case #4172 CTO-20-295 (IP=65,US) 67.205.15.174 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity 67.205.150.161 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=161,US) 67.205.155.27 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 67.205.163.254 32 DT None 2021-04-09 00:00:00 2021-07-08 00:00:00 None HTTP: PHP-FPM Remote Code Execution Vulnerability (CVE-2019-11043) - 6hr Web Attacks (IP=254,US) 67.205.164.239 32 AR None 2021-07-12 00:00:00 2021-10-10 00:00:00 None Command Injection (IP=239,US) 67.205.166.159 32 BB None 2021-09-10 00:00:00 2021-12-09 00:00:00 None HTTP: PHP File Inclusion Vulnerability - Web Attacks (IP=159,US) 67.205.171.113 32 KD None 2021-08-10 00:00:00 2021-11-08 00:00:00 None SERVER-WEBAPP Cisco ASA directory traversal attempt - SourceFire (IP=113,US) 67.205.172.40 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 67.205.176.74 32 EE SERVER-WEBAPP None 2021-03-19 00:00:00 2021-06-17 00:00:00 None PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=74,US) 67.205.179.225 32 DT None 2021-03-21 00:00:00 2021-06-19 
00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=225,US) 67.205.182.62 32 ZH None 2021-07-13 00:00:00 2021-10-11 00:00:00 None SQL injection - 6hr Web Attacks (IP=62,US) 67.205.183.254 32 BMP None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=254,US) 67.205.186.155 32 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=155,US) 67.205.58.106 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 67.205.61.30 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 67.205.85.243 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CA TO-S-2021-0876 Hive Case 4166 Malware Activity 67.205.97.122 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=122,CA) 67.207.127.118 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=118,US) 67.207.80.234 32 SW None 2021-07-15 00:00:00 2021-10-13 00:00:00 None SERVER-WEBAPP Facade Ignition remote code execution attempt (1:57872:1) - Web Attacks (IP=234, US) 67.207.82.117 32 ZH None 2021-08-28 00:00:00 2021-11-26 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41420:2) - Sourcefire (IP=117,US) 67.207.85.75 32 RR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=75,US) 67.207.90.47 32 ZH None 2021-08-28 00:00:00 2021-11-26 00:00:00 None SERVER-WEBAPP WordPress wp-config.php access via directory traversal attempt (1:41421:2) - Sourcefire (IP=47,US) 67.207.93.197 32 ZH None 2021-06-24 00:00:00 2021-09-22 00:00:00 None SQL injection - 6hr web attacks (IP=197,US) 67.209.114.220 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US 
TO-S-2020-0303 Malicious Email Activity 67.209.122.240 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 67.210.18.178 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity 67.211.221.123 32 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=123,US) 67.211.221.124 32 NAB None 2021-02-24 00:00:00 2021-05-25 00:00:00 None HIVE Case #NA FP Security (IP=124,US) 67.212.100.158 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malicious Email Activity 67.212.179.162 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=162,US) 67.212.179.164 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 67.212.182.179 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 67.212.200.46 32 wmp None 2021-01-14 00:00:00 2021-04-14 00:00:00 None Suspicious Scan Activity (IP=46,US) 67.213.221.23 32 BMP None 2021-02-16 00:00:00 2021-05-15 00:00:00 None SERVER-WEBAPP Oracle Glassfish unauthenticated directory traversal attempt - 6hr Web Attacks (IP=23,US) 67.215.15.84 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CA TO-S-2020-0315 Malicious Web Application Activity 67.215.233.26 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 67.215.233.30 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 67.215.236.58 32 BMP None 2021-02-16 00:00:00 2021-05-15 00:00:00 None SERVER-WEBAPP Cisco Ultra Services Framework command injection attempt - 6hr Web Attacks (IP=58,US) 67.215.238.194 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason 
Unafilliated TO-S-2020-0559.01 Malicious Email Activity 67.22.6.11 32 ZH None 2021-08-21 00:00:00 2021-11-19 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=11,US) 67.220.145.104 32 GED None 2020-12-04 00:00:00 2021-03-04 00:00:00 None HIVE Case #NA FP CIO Policy (IP=104,US) 67.222.104.218 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=218,US) 67.222.19.130 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=130,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=130,US) 67.222.39.83 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=83,US) 67.222.6.107 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 67.223.157.67 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 67.225.129.149 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=149,US) 67.225.129.243 32 wmp None 2020-09-25 00:00:00 2021-10-29 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=243,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 67.225.136.133 32 wmp None 2020-09-14 00:00:00 2021-10-21 00:00:00 None HIVE Case #3853 COLS-NA-TIP-20-0291 (IP=133,US) | updated by wmp Block expiration extended with reason HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=133,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 41 67.225.136.153 32 wmp None 2020-09-03 00:00:00 2021-10-21 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=153,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 67.225.138.93 32 dbc None 2020-04-23 00:00:00 
2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 67.225.139.250 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 67.225.140.132 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 67.225.140.236 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 67.225.140.29 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 67.225.160.134 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 67.225.160.246 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 67.225.160.73 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None US TO-S-2020-0805 Malicious Email Activity 67.225.176.49 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=49,US) 67.225.178.203 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=203,US) 67.225.188.35 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 67.225.189.182 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 67.225.198.62 32 NAB None 2021-01-07 00:00:00 2021-04-07 00:00:00 None HIVE Case #NA FP Security (IP=62,US) 67.225.201.19 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 67.225.220.158 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 67.225.220.55 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 67.225.220.95 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=95,US) 
67.225.249.125 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 67.227.134.130 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 67.227.153.24 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 67.227.153.5 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 67.227.154.72 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 67.227.155.82 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 67.227.165.115 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 67.227.169.233 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 67.227.186.136 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 67.227.186.219 32 wmp None 2020-06-22 00:00:00 2021-07-29 00:00:00 None HIVE Case #3071 COLS-NA-TIP-20-0188 (IP=219,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0698 Malicious Email Activity 67.227.190.35 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 67.227.199.214 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None US TO-S-2020-0750 Malicious Email Activity 67.227.199.28 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 67.227.201.240 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Email Activity 67.227.214.175 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=175,US) 67.227.226.240 32 NAB None 2021-03-03 00:00:00 2021-06-01 00:00:00 None HIVE Case #NA FP Security 
Access-Probe - TT# 21C00206 (IP=41,US) 69.168.106.133 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity 69.171.251.6 32 GM None 2020-11-05 00:00:00 2021-02-05 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=6,US) 69.172.189.156 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 69.172.201.217 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 69.172.64.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HK Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 69.174.100.17 24 FT None 2021-01-23 00:00:00 2021-04-23 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=17,NL) 69.174.115.163 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 69.175.19.112 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=112,US) 69.175.89.170 32 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=170,US) 69.176.80.0 20 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None HK TO-S-2020-0750 Malicious Email Activity 69.194.236.137 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=137,US) 69.195.124.178 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 69.195.124.239 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=239,US) 69.195.43.82 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity 69.195.69.230 32 NAB None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HIVE Case #NA FP Security (IP=230,US) 69.196.152.81 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CA TO-S-2020-0303 Malicious Email Activity 
69.197.143.12 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None US TO-S-2020-0298 Malware Activity 69.197.177.106 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 69.197.177.107 32 wmp None 2020-08-17 00:00:00 2021-10-08 00:00:00 None HIVE Case #3560 COLS-NA-TIP-20-0259 (IP=107,US) | updated by wmp Block expiration extended with reason HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=107,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=107,US) 69.197.179.238 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=238,US) 69.20.95.4 32 EE None 2021-04-22 00:00:00 2021-07-22 00:00:00 None TO-S-2021-1251(1)/TELNET Attempt - TT# 21C01046 (IP=4,US) 69.226.189.86 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=86,US) 69.226.207.86 32 GM None 2020-12-27 00:00:00 2021-03-27 00:00:00 None SSH User Authentication Brute Force Attempt - Failed Logons (IP=86,US) 69.250.189.181 32 BB None 2021-09-19 00:00:00 2021-12-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01898 (IP=, 181US) 69.27.47.10 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 69.27.8.34 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=34,US) 69.30.203.214 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 69.30.223.98 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 69.31.136.5 32 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 CTO 20-156 (ip=5, US) 69.36.170.175 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 69.4.94.19 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None NL TO-S-2021-0876 Hive Case 4166 
Malicious Email Activity 69.46.6.238 32 NAB None 2020-11-12 00:00:00 2021-11-19 00:00:00 None HIVE Case #4296 COLS-NA-TIP-20-0347 (IP=238,US) | updated by dbc Block expiration extended with reason US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 69.49.228.195 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=195,US) 69.49.228.200 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=200,US) 69.49.228.26 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 69.49.228.35 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=35,US) 69.49.229.115 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 69.49.229.171 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 69.49.230.139 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 69.49.230.145 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=145,US) 69.49.230.158 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=158,US) 69.49.230.168 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=168,US) 69.49.230.177 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=177,US) 69.49.230.81 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=81,US) 69.49.230.82 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 69.49.231.150 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 69.49.231.155 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 69.49.231.245 32 NAB 
None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=245,US) 69.49.231.28 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=28,US) 69.49.231.52 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=52,US) 69.49.231.56 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=56,US) 69.49.234.148 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=148,US) 69.49.234.232 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=232,US) 69.49.234.246 32 TLM None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=246,US) 69.49.235.127 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=127,US) 69.49.235.153 32 TLM None 2021-09-14 00:00:00 2021-12-13 00:00:00 None HIVE Case #6164 TO-S-2021-1528 (IP=153,US) 69.49.235.159 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=159,US) 69.49.235.180 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=180,US) 69.49.235.186 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=186,US) 69.49.235.190 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=190,US) 69.49.235.194 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=194,US) 69.49.235.204 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=204,US) 69.49.235.224 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=224,US) 69.54.29.31 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None US TO-S-2020-0601 Malicious Reconnaissance Activity 69.55.55.202 32 RR None 2021-06-11 00:00:00 2021-09-09 
00:00:00 None sf8290sec2-jrss-ogdut-base-a-1 - TT# 21C01286 (IP=202,US) 69.55.59.171 32 KH None 2021-08-06 00:00:00 2021-11-04 00:00:00 None Possible Cross-site Scripting Attack - FE IPS (IP=171,US) 69.59.87.111 32 RR None 2019-07-08 00:00:00 2021-04-23 00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - SourceFire (IP=111,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 69.6.31.150 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CY TO-S-2020-0298 Malicious Email Activity 69.60.11.158 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 69.60.160.138 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malicious Email Activity 69.61.26.123 32 wmp None 2020-07-07 00:00:00 2021-08-24 00:00:00 None HIVE Case #3255 TO-S-2020-0661 COLS-NA-TIP-20-0207 (IP=123,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0750 Malicious Email Activity 69.64.41.103 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 69.64.52.22 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity 69.64.56.196 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=196,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=196,US) 69.65.10.231 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 69.65.3.162 32 wmp None 2020-09-25 00:00:00 2021-11-03 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=162,US) | updated by dbc Block expiration extended with reason US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 69.71.12.185 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=185,US) 69.73.162.31 32 TLM 
None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=31,US) 69.73.182.127 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 69.75.103.150 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=150,US) 69.77.245.81 32 ZH None 2021-07-22 00:00:00 2021-10-20 00:00:00 None SQL injection - 6hr Web Attacks (IP=81,US) 69.80.55.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None VC TO-S-2020-0331 Malicious Web Application Activity 69.84.79.36 32 BB None 2021-08-19 00:00:00 2021-11-17 00:00:00 None SERVER-OTHER tcpdump ISAKMP parser buffer overflow attempt (1:44161:2) - SSH (IP=36,US) 69.84.85.226 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 69.89.22.173 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None US TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 69.89.31.141 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 69.90.66.160 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None CA TO-S-2020-0459 Malware Activity 70.105.163.185 32 NAB None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HIVE Case #NA FP Security (IP=185,US) 70.118.216.221 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=221,US) 70.119.77.204 32 GM None 2020-12-10 00:00:00 2021-03-10 00:00:00 None Self- Report / IP block - TT # 21C00277 (IP=204,US) 70.121.172.89 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 70.121.179.184 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=184,US) 70.121.86.129 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity 70.15.200.145 32 RR None 
2020-12-13 00:00:00 2021-03-13 00:00:00 None SSH User Authentication Brute Force Attempt - Failed Logons (IP=145,US) 70.162.239.24 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=24,US) 70.163.10.102 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=102,US) 70.163.10.196 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=196,US) 70.164.199.102 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=102,US) 70.167.215.230 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=230,US) 70.167.215.250 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 70.168.108.194 32 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=194,US) 70.169.0.77 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=77,US) 70.183.210.12 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=12,US) 70.183.239.138 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=138,US) 70.185.100.210 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=210,US) 70.24.240.169 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 70.25.188.205 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CA TO-S-2020-0303 Malicious Email Activity 70.31.217.149 24 DT None 2021-09-06 00:00:00 2021-12-06 00:00:00 None HTTP SQL Injection Attempt - Web Attacks (IP=149,CA) | updated by SW Block expiration extended with reason SERVER-WEBAPP Facade Ignition remote code execution attempt (1:57872:1) - SourceFire (IP=149,CA) 70.32.0.60 32 RW None 2020-12-08 00:00:00 2021-03-08 00:00:00 None OpenVAS Scanning Activity - Fireeye IPS(IP=60,US) 70.32.115.157 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive 
Case 4166 Malware Activity 70.32.23.20 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malware Activity 70.32.23.26 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 70.32.23.38 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=38,US) 70.32.23.41 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=41,US) 70.32.23.50 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=50,US) 70.32.23.51 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 70.32.23.64 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 70.32.26.183 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malware Activity 70.32.28.4 32 RB None 2020-04-04 00:00:00 2021-04-23 00:00:00 None Possible SQLi attempt / Name : HTTP: Blind SQL Injection - Timing - TT# 20C02377 (IP=4,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0459 Malware Activity 70.32.68.192 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 70.32.72.208 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None US TO-S-2020-0535 Malicious Email Activity 70.32.84.74 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 70.32.98.213 32 wmp None 2020-08-10 00:00:00 2021-07-08 00:00:00 None HIVE Case #3493 COLS-NA-TIP-20-0250 (IP=213,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0838 Malicious Email Activity | Unblocked - IP hosts envisioncad.com which is used by CAD managers 70.35.204.237 32 RB None 2021-04-08 00:00:00 2021-07-07 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00988 (IP=237,US) 70.36.99.124 32 BMP None 
2021-02-03 00:00:00 2021-05-03 00:00:00 None Unauthorized Access-Probe / UDP Host Sweep - TT# 21C00464 (IP=124,US) 70.37.106.28 32 KH None 2021-08-16 00:00:00 2021-11-14 00:00:00 None Command Injection - ABC Report (IP=28,US) 70.37.163.174 32 SW None 2021-07-31 00:00:00 2021-10-29 00:00:00 None Possible Cross-site Scripting Attack - IPS Events (IP=174, US) 70.37.90.220 32 BMP None 2021-03-13 00:00:00 2021-06-13 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt (1:56800:2) - SourceFire (IP=220,US) 70.38.103.11 32 wmp None 2020-09-04 00:00:00 2021-10-08 00:00:00 None HIVE Case #3755 COLS-NA-TIP-20-0278 (IP=11,CA) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=11,CA) 70.38.12.30 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None CA TO-S-2020-0228 Malicious Email Activity 70.38.123.185 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=185,CA) 70.39.146.87 32 wmp None 2020-09-22 00:00:00 2021-10-29 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=87,US) | updated by dbc Block expiration extended with reason US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 70.39.147.98 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=98,US) 70.39.232.160 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None US TO-S-2020-0838 Malicious Email Activity 70.39.233.35 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 70.39.234.253 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None US TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 70.39.234.58 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 70.39.248.179 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=179,US) 70.39.81.156 32 RR None 2021-01-06 00:00:00 2021-04-06 
00:00:00 None Possible Cross-site Scripting Attack - IPS Events (IP=156,US) 70.41.21.67 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=67,US) 70.49.184.56 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 70.52.6.137 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 70.62.73.10 32 RW None 2021-02-18 00:00:00 2021-05-18 00:00:00 None SSH User Authentication Brute Force Attempt - 6 hr failed logons (IP=10,US) 70.64.74.138 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CA TO-S-2020-0303 Malicious Email Activity 70.66.166.100 24 GM None 2021-02-15 00:00:00 2021-05-15 00:00:00 None SSH User Authentication Brute Force Attempt - Web Attacks (IP=100,CA) 70.67.166.23 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 70.73.140.92 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None CA TO-S-2020-0493 Malware Activity 70.74.133.222 24 BMP None 2020-12-31 00:00:00 2021-03-31 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=222,CA) 70.74.143.16 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=16,CA) 70.83.39.177 24 DT None 2021-03-13 00:00:00 2021-06-13 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - Web Attacks (IP=177,CA) 70.95.63.117 32 BMP None 2020-02-15 00:00:00 2021-05-07 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - SourceFire (IP=117,US) | updated by dbc Block expiration extended with reason US TO-S-2020-0493 Malware Activity 7051181900.elmatea.net --- TLM None 2021-06-15 00:00:00 2021-09-13 00:00:00 2023-01-19 22:57:28 HIVE Case #5605 TO-S-2021-1338 71.1.96.155 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=155,US) 71.127.167.5 32 GLM None 
2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=5,US) 71.166.182.110 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=110,US) 71.169.185.69 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity 71.173.89.102 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=102,US) 71.173.92.76 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity 71.181.74.23 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity 71.186.235.209 32 ZH None 2021-07-24 00:00:00 2021-10-22 00:00:00 None SSH2 Failed Login Attempt - 6hr Failed Logons (IP=209,US) 71.19.146.189 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malware Activity 71.19.189.34 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CA TO-S-2020-0331 Malicious Web Application Activity 71.19.249.231 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None CA TO-S-2020-0805 Malicious Email Activity 71.209.64.121 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=121,US) 71.220.34.228 32 ABC None 2021-03-27 00:00:00 2021-06-25 00:00:00 None MULTIPLE UNRECOGNIZED TECHNIQUES; FORWARD TO DEV TEAM (IP=228,US) 71.231.109.36 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=36,US) 71.235.149.226 32 RW None 2021-09-16 00:00:00 2021-12-15 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=226, US) 71.246.215.2 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=2,US) 71.255.131.72 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity 71.46.224.50 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=50,US) 71.57.180.213 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 
4166 Malware Activity 71.57.97.119 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=119,US) 71.59.127.136 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=136,US) 71.6.135.131 32 CR None 2021-05-11 00:00:00 2021-08-30 00:00:00 None Suspicious to PostgreSQL 5432 (IP=131, US) | updated by CR Block was inactive. Reactivated on 20210511 with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt_Sourcefire (IP=131,US) SERVER-OTHER limited RSA cip 71.6.135.131 32 RR None 2021-05-23 00:00:00 2021-08-30 00:00:00 None Suspicious to PostgreSQL 5432 (IP=131, US) | updated by CR Block was inactive. Reactivated on 20210511 with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt_Sourcefire (IP=131,US) SERVER-OTHER limited RSA cip 71.6.135.131 32 dbc None 2015-03-27 05:00:00 2021-08-30 00:00:00 None Suspicious to PostgreSQL 5432 (IP=131, US) | updated by CR Block was inactive. Reactivated on 20210511 with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt_Sourcefire (IP=131,US) SERVER-OTHER limited RSA cip 71.6.135.131 32 RW None 2021-05-20 00:00:00 2021-08-30 00:00:00 None Suspicious to PostgreSQL 5432 (IP=131, US) | updated by CR Block was inactive. Reactivated on 20210511 with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt_Sourcefire (IP=131,US) SERVER-OTHER limited RSA cip 71.6.135.131 32 ZH None 2021-06-01 00:00:00 2021-08-30 00:00:00 None Suspicious to PostgreSQL 5432 (IP=131, US) | updated by CR Block was inactive. 
Reactivated on 20210511 with reason SERVER-OTHER limited RSA ciphersuite list - possible Bleichenbacher SSL attack attempt_Sourcefire (IP=131,US) SERVER-OTHER limited RSA cip 71.6.142.85 32 RR None 2018-01-24 06:00:00 2021-06-24 00:00:00 None ET SCAN Behavioral Unusually fast Terminal Server Traffic Potential Scan or Infection (Inbound) (IP=85,US) | updated by NAB Block was inactive. Reactivated on 20210326 with reason HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=85,US) 71.6.146.186 32 ABC None 2016-05-03 05:00:00 2021-11-16 00:00:00 None ET POLICY Suspicious inbound to mySQL port 3306 (IP=186,US) | updated by BLP with reason PROTOCOL-DNS named version attempt (I | updated by CR with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 19C02082 (IP=186,U | updated by RR Block was inactive. Reactivated on 20210818 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 21C01571 (IP=186,US) 71.6.147.254 32 GM None 2019-04-22 00:00:00 2021-04-23 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (IP=254,US) | updated by dbc Block was inactive. Reactivated on 20200423 with reason US TO-S-2020-0459 Malware Activity 71.6.158.166 24 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=166,US ) 71.6.167.124 32 wmp None 2016-04-03 05:00:00 2021-08-11 00:00:00 None Suspicious inbound to mySQL (IP=124,US) | updated by BMP Block was inactive. Reactivated on 20200923 with reason INDICATOR-SCAN FTP Login Failed - 6hr Failed Logons (IP=124,US) | updated by CR Block was inactive. 
TO-S-2020-0298 Malicious Email Activity 77.232.98.0 24 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None SA TO-S-2021-0989 Hive Case # 4493 Malware Activity 77.233.160.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None RU TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 77.233.217.8 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 77.233.8.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 77.234.46.220 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity 77.234.46.221 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity 77.234.46.222 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity 77.235.0.0 19 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None KG TO-S-2020-0838 Malware Activity 77.235.223.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 77.235.54.109 32 wmp None 2020-07-17 00:00:00 2021-09-17 00:00:00 None HIVE Case #3353 TO-S-2020-0682 COLS-NA-TIP-20-0223 (IP=109,NL) | updated by dbc Block expiration extended with reason NL TO-S-2020-0805 Malicious Email Activity 77.237.251.0 24 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,GB) 77.238.120.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None IR TO-S-2020-0315 Malicious Email Activity 77.238.136.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 77.238.200.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BA TO-S-2020-0303 Malicious Web Application Activity 77.240.144.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 
77.240.16.0 23 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None FI TO-S-2020-0369 Malicious Email Activity 77.240.18.0 23 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None FI TO-S-2020-0838 Malicious Email Activity 77.242.21.156 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 77.242.21.158 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 77.243.38.7 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None DK TO-S-2020-0601 Malware Activity 77.243.96.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 77.244.64.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 77.246.159.163 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=163,RU) 77.246.191.192 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity 77.247.108.223 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None EE Hive Case 4237 TO-S-2021-0910 Malicious Reconnaissance Activity 77.247.108.241 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None EE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 77.247.108.77 24 BMP None 2021-05-25 00:00:00 2021-08-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire (IP=77,ES) 77.247.108.77 24 WR None 2021-05-25 00:00:00 2021-08-23 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability- 6 hr web attacks (IP=77,NL) 77.247.109.232 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malicious Email Activity 77.247.109.82 24 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=82,NL) 77.247.179.176 32 GED None 2020-12-04 00:00:00 
2021-03-04 00:00:00 None HIVE Case #NA FP CIO Policy (IP=176,NL) 77.247.181.163 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00584 (IP=163,NL) 77.247.181.55 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None NL TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 77.247.94.247 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 77.248.8.88 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 77.28.201.108 24 ZH None 2021-09-08 00:00:00 2021-12-07 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - Sourcefire Rpt (IP=108,MK) 77.29.148.197 24 SW None 2021-09-07 00:00:00 2021-12-06 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt - WebAttacks (IP=197,MK) 77.34.163.109 24 EE None 2021-01-30 00:00:00 2021-04-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 HR Failed Logon (IP=109,RU) 77.40.3.240 24 KH None 2021-09-12 00:00:00 2021-12-11 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=240,RU) 77.43.124.72 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 77.43.143.84 24 DT None 2021-01-30 00:00:00 2021-04-30 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=84,RU) 77.45.224.0 19 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,RU) 77.45.247.5 24 DT None 2021-01-24 00:00:00 2021-04-24 00:00:00 None HTTP: Apache HTTPD Cookie Handling Denial Of Service (CVE-2012-0021) - TT# 21C00432 (IP=5,RU) 77.46.138.44 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RS Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 77.49.128.29 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GR TO-S-2020-0303 
Malicious Email Activity 77.49.135.243 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GR TO-S-2020-0298 Malicious Email Activity 77.49.165.245 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GR TO-S-2020-0303 Malicious Email Activity 77.49.4.128 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GR TO-S-2020-0303 Malicious Email Activity 77.50.241.225 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity 77.52.185.59 32 srm None 2021-04-30 00:00:00 2021-07-30 00:00:00 None Firepower Suspicious Scan Activity (IP=59,UA) 77.53.116.27 24 GM None 2020-12-20 00:00:00 2021-03-20 00:00:00 None SSH User Authentication Brute Force Attempt - Failed Logons (IP=27,ES) 77.53.121.50 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SE TO-S-2020-0459 Malware Activity 77.54.116.246 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PT TO-S-2020-0298 Malicious Email Activity 77.55.211.77 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None PL TO-S-2021-0876 Hive Case 4166 Malware Activity 77.68.115.57 24 KD None 2021-09-05 00:00:00 2021-12-04 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt- Web Attacks (IP=57,GB) 77.68.2.136 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malware Activity 77.68.2.167 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malware Activity 77.68.2.189 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malware Activity 77.68.2.204 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malware Activity 77.68.2.217 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malware Activity 77.68.2.234 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malware Activity 77.68.2.89 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malware Activity 77.68.3.211 32 dbc None 
2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malware Activity 77.68.3.247 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malware Activity 77.68.36.130 32 wmp None 2020-08-26 00:00:00 2021-10-21 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=130,GB) | updated by dbc Block expiration extended with reason GB TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 77.68.64.21 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None GB TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 77.68.8.76 24 RR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=76,GB) 77.68.81.88 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 77.68.86.82 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 77.68.94.173 32 wmp None 2020-09-04 00:00:00 2021-10-08 00:00:00 None HIVE Case #3755 COLS-NA-TIP-20-0278 (IP=173,GB) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=173,GB) 77.69.230.35 24 BMP None 2021-08-05 00:00:00 2021-11-03 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=35,BH) 77.69.251.187 24 RB None 2021-03-24 00:00:00 2021-06-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=187 BH) 77.72.0.146 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None GB TO-S-2020-0750 Malicious Email Activity 77.72.0.174 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=174,GB) 77.72.4.162 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None GB TO-S-2021-1007 Malicious Email Activity 77.72.7.146 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GB TO-S-2020-0331 Malicious Email Activity 77.73.240.0 21 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity 77.73.64.0 21 
dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Reconnaissance Activity 77.74.24.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 77.74.78.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None RU TO-S-2021-0876 Hive Case 4166 Malware Activity 77.75.144.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,UA) 77.75.249.102 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 77.79.128.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU) 77.79.137.29 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 77.81.139.90 24 BMP None 2021-02-16 00:00:00 2021-05-16 00:00:00 None SERVER-WEBAPP Cisco Ultra Services Framework command injection attempt - 6hr Web Attacks (IP=90,RO) | updated by RW Block expiration extended with reason SERVER-WEBAPP Cisco Ultra Services Framework command injection attempt - Sourcefire (IP=90,IE) 77.82.80.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 77.83.159.15 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=15,HK) 77.83.247.81 24 EE None 2021-07-01 00:00:00 2021-09-29 00:00:00 None HIVE Case #5743 IOC_ Russian GRU Conducting Global Brute Force (IP=81,IL) 77.83.36.101 32 wmp None 2021-04-17 00:00:00 2021-07-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=101,UA) 77.86.251.215 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None FI TO-S-2020-0838 Malicious Email Activity 77.87.192.0 21 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None UA TO-S-2020-0750 Malicious Email Activity 77.89.199.166 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MD TO-S-2020-0331 Malicious Web Application 
Activity 77.89.239.38 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 77.91.218.176 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None SE TO-S-2020-0535 Malware Activity 77.91.54.237 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=237,PL) 77.92.90.190 32 wmp None 2020-08-25 00:00:00 2021-10-08 00:00:00 None HIVE Case #3649 COLS-NA-TIP-20-0268 (IP=190,GB) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=190,GB) 77.93.249.97 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IT TO-S-2020-0459 Malware Activity 77.94.249.15 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 77.98.148.36 24 GM None 2021-02-24 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - Web Attacks (IP=36,PT) 77.99.231.76 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 78.100.160.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None QA TO-S-2020-0298 Malicious Email Activity 78.100.240.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None QA TO-S-2020-0298 Malicious Email Activity 78.108.105.112 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CZ TO-S-2020-0331 Malicious Web Application Activity 78.108.96.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CZ TO-S-2020-0331 Malicious Web Application Activity 78.11.151.216 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PL TO-S-2020-0298 Malicious Email Activity 78.111.199.184 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 78.111.240.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malware Activity 78.111.53.67 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AZ Hive Case 4187 
TO-S-2021-0898 Malicious Reconnaissance Activity 78.114.135.224 24 DT None 2021-08-20 00:00:00 2021-11-18 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=224,FR) 78.115.211.53 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 78.12.153.11 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity 78.123.63.50 24 SW None 2021-06-17 00:00:00 2021-09-15 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=50,FR) 78.128.60.222 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None BG TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 78.129.138.235 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 78.129.80.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BE TO-S-2020-0331 Malicious Web Application Activity 78.130.128.106 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BG TO-S-2020-0298 Malicious Email Activity 78.130.20.83 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PT TO-S-2020-0331 Malicious Web Application Activity 78.134.246.97 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HR TO-S-2020-0331 Malicious Web Application Activity 78.134.68.128 32 DT None 2021-04-23 00:00:00 2021-07-23 00:00:00 None EOLO 4rd Dynamic User Block - IR# 21C01053 (IP=128,IT) 78.135.112.21 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=21,TR) 78.135.114.214 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None TR TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 78.137.1.146 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None UA TO-S-2020-0535 Malicious Email Activity 78.137.72.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None YE TO-S-2020-0331 Malicious Web Application Activity 
78.137.74.15 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 78.137.78.60 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 78.138.135.122 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 78.138.43.43 24 WR None 2021-05-18 00:00:00 2021-08-16 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=43,CN) 78.138.99.210 24 RW None 2021-09-28 00:00:00 2021-12-27 00:00:00 None Unauthorized Access-Probe - TT# 21C01977 (IP=210,FR) 78.140.223.0 24 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None RU TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 78.141.198.124 24 RW None 2021-04-17 00:00:00 2021-07-17 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=124,UK) 78.141.210.40 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None US TO-S-2020-0698 Malicious Web Application Activity 78.141.214.99 24 RT None 2021-08-25 00:00:00 2021-11-23 00:00:00 None SERVER-WEBAPP TRUFFLEHUNTER TALOS-2021-1272 attack attempt - Sourcefire Report (IP=99,NL) 78.141.70.242 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None SK TO-S-2020-0331 Malicious Web Application Activity 78.142.209.93 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None TR TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 78.142.210.144 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 78.142.210.164 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None TR TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 78.142.35.7 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None Palo Alto Suspicious Scan Activity (IP=7,BG) 78.152.160.0 19 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None UA TO-S-2021-0941 Hive Case 4361 Malware Activity 78.155.192.0 20 jky None 2018-02-23 
06:00:00 2021-07-04 00:00:00 None RU TO-S-2018-0491 Malware activity | updated by NAB Block was inactive. Reactivated on 20210405 with reason HIVE Case #5201 TO-S-21-1209 (IP=0,RU) 78.156.233.214 24 EE None 2021-04-12 00:00:00 2021-07-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire (IP=214,RU) 78.157.178.141 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CZ TO-S-2020-0298 Malicious Email Activity 78.158.192.174 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None UA TO-S-2020-0298 Malicious Email Activity 78.160.235.59 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.162.35.143 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 78.163.145.135 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TR TO-S-2020-0298 Malicious Email Activity 78.164.8.189 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 78.165.106.195 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TR TO-S-2020-0298 Malicious Email Activity 78.165.109.149 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 78.165.120.155 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 78.165.137.249 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.165.164.175 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.165.233.102 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 78.165.99.162 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 78.166.103.39 32 dbc None 2020-10-29 00:00:00 2021-10-29 
00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 78.167.233.119 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.170.222.20 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 78.170.99.164 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 78.171.43.90 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TR TO-S-2020-0298 Malicious Email Activity 78.173.134.97 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 78.175.154.198 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=198,TR) 78.176.240.222 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.177.44.108 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None TR TO-S-2020-0601 Malware Activity 78.178.59.105 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 78.179.6.78 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.180.36.227 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malware Activity 78.180.53.241 24 GM None 2021-01-14 00:00:00 2021-04-14 00:00:00 None SSLv2 Client Hello Request Detected - FireEye CMS (IP=241,TR) 78.180.59.39 24 RR None 2021-05-29 00:00:00 2021-08-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=39,TR) 78.180.61.216 32 BMP None 2020-11-19 00:00:00 2021-02-19 00:00:00 None Unauthorized Access-Probe - TT# 21C00244 (IP=216,TR) 78.181.172.205 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.182.121.146 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web 
Application Activity 78.183.110.196 24 GM None 2020-10-01 00:00:00 2021-01-01 00:00:00 None SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt - Web Attacks (IP=196,TR) 78.183.212.244 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 78.183.33.219 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 78.183.97.132 24 BMP None 2021-02-23 00:00:00 2021-05-24 00:00:00 None HTTP: SQL Injection - Exploit - 6hr Web Attacks (IP=132,TR) 78.186.114.182 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 78.186.13.53 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 78.186.138.47 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.186.157.101 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TR Hive Case 4237 TO-S-2021-0910 Malware Activity 78.186.205.162 24 FT None 2020-11-09 00:00:00 2021-02-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=162,TR) 78.186.206.50 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TR TO-S-2020-0298 Malicious Email Activity 78.186.216.101 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=101,TR) 78.186.6.62 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.186.60.157 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TR TO-S-2020-0298 Malicious Email Activity 78.186.61.116 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.186.66.147 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 78.187.16.244 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TR Hive 
Case 4237 TO-S-2021-0910 Malware Activity 78.187.195.16 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=16,TR) 78.187.200.95 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.187.207.63 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 78.187.238.13 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.187.3.191 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.187.60.150 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=150,TR) 78.187.7.92 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.187.79.253 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 78.187.93.71 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=71,TR) 78.188.140.135 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TR Hive Case 4237 TO-S-2021-0910 Malware Activity 78.188.2.14 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TR TO-S-2020-0298 Malicious Email Activity 78.188.204.187 24 RB None 2021-01-27 00:00:00 2021-04-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr failed logons (IP=187,TR) 78.188.22.9 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.188.39.179 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None TR TO-S-2021-0876 Hive Case 4166 Malware Activity 78.188.41.178 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=178,TR) 78.188.50.242 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.188.70.163 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 
None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 78.188.82.27 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TR Hive Case 4237 TO-S-2021-0910 Malware Activity 78.189.108.8 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 78.189.176.90 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.189.184.100 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 78.189.188.144 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 78.189.190.196 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=196,TR) 78.189.207.47 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.189.208.49 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TR TO-S-2020-0298 Malicious Email Activity 78.189.213.11 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TR Hive Case 4237 TO-S-2021-0910 Malware Activity 78.189.215.195 32 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=195,TR) 78.189.26.13 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 78.189.45.229 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=229,TR) 78.189.48.20 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None TR TO-S-2021-0876 Hive Case 4166 Malware Activity 78.189.60.109 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None TR TO-S-2021-0876 Hive Case 4166 Malware Activity 78.193.48.41 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity 78.196.124.149 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=149,FR) 78.202.107.81 24 
2020-03-24 00:00:00 2021-03-24 00:00:00 None DE TO-S-2020-0369 Malicious Email Activity 80.83.22.152 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr failed logons (IP=152,CN) 80.85.86.175 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity 80.86.192.0 20 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None CH TO-S-2020-0459 Malware Activity 80.86.82.135 24 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None SERVER-OTHER AnyDesk Discovery Feature crafted hostname remote code execution attempt ) - SourceFire (IP=135,DE) 80.87.144.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity 80.87.192.0 23 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 80.87.200.0 23 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU) 80.87.210.42 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SK TO-S-2020-0298 Malicious Email Activity 80.88.87.240 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IT TO-S-2020-0459 Malware Activity 80.90.87.67 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 80.94.225.42 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity 80.94.93.16 32 GM None 2021-01-12 00:00:00 2021-04-12 00:00:00 None Unauthorized Access-Probe//UDP: Host Sweep - TT # 21C00403 (IP=16,NL) 80.94.93.19 32 RR None 2020-12-30 00:00:00 2021-04-01 00:00:00 None Unauthorized Access-Probe/UDP: Host Sweep - IR# 21C00375 (IP=19,NL) 80.94.93.69 32 BMP None 2020-12-16 00:00:00 2021-03-16 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00295 (IP=69,NL) 80.94.93.71 32 BMP None 2020-12-16 00:00:00 2021-03-16 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00292 (IP=71,NL) 80.94.93.74 
32 BMP None 2020-12-16 00:00:00 2021-03-16 00:00:00 None Unauthorized Access-Probe / UDP: Host Sweep - TT# 21C00296 (IP=74,NL) 80.98.148.184 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HU TO-S-2020-0331 Malicious Web Application Activity 80.99.230.146 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 8009314123.adollarchange.com --- TLM None 2021-06-15 00:00:00 2021-09-13 00:00:00 2023-01-19 22:57:32 HIVE Case #5605 TO-S-2021-1338 804gtd.com --- jkc None 2020-07-20 00:00:00 2021-07-21 00:00:00 2023-01-19 22:42:03 hive case # 3387 CTO 20-199 Malicious Domain 81.0.104.142 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=142,HU) 81.0.64.6 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HU Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 81.139.213.68 24 FT None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=,GB) 81.141.180.28 24 RB None 2021-03-16 00:00:00 2021-06-16 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=28,GB) 81.15.197.58 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity 81.16.141.0 24 wmp None 2020-09-01 00:00:00 2021-09-01 00:00:00 None HIVE Case #3708 TO-S-2020-0766 (IP=0,RU) | updated by dbc Block expiration extended with reason RU HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity 81.16.240.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GE TO-S-2020-0298 Malicious Email Activity 81.16.28.112 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 81.16.28.115 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 81.16.29.140 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None NL TO-S-2020-0838 Malicious Email Activity 
81.16.33.31 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=31,AT) 81.161.63.100 32 NAB None 2021-05-04 00:00:00 2021-11-04 00:00:00 None HIVE Case #5344 TO-S-21-1245 (IP=100,CN) 81.163.32.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 81.163.42.194 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 81.163.56.158 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 81.165.99.58 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BE TO-S-2020-0298 Malicious Email Activity 81.166.131.227 24 GM None 2021-02-12 00:00:00 2021-05-12 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Web Attacks (IP=227,NO) 81.169.145.119 32 RR None 2021-05-04 00:00:00 2021-08-02 00:00:00 None INDICATOR-OBFUSCATION obfuscated javascript excessive - TT# 21C01120 (IP=119,DE) 81.169.145.148 32 tjh None 2014-05-02 05:00:00 2021-11-03 00:00:00 None DE TO-S-2014-0668 | updated by dbc Block was inactive. Reactivated on 20201103 with reason DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 81.169.145.148 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 81.169.145.151 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 81.169.145.156 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 81.169.145.157 32 dbc None 2014-02-12 06:00:00 2021-10-29 00:00:00 None Malware.archive (ip=157, DE) | updated by dbc Block was inactive. 
Reactivated on 20201029 with reason DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 81.169.145.160 32 tpr None 2014-01-03 06:00:00 2021-10-29 00:00:00 None C2 callout tracking.zip | updated by dbc Block was inactive. Reactivated on 20201029 with reason DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 81.169.145.162 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 81.169.145.164 32 tjh None 2014-05-02 05:00:00 2021-10-08 00:00:00 None DE TO-S-2014-0668 | updated by dbc Block was inactive. Reactivated on 20201008 with reason HIVE Case #4064 TO-S-2020-0859 (IP=164,DE) 81.169.145.167 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 81.169.145.167 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 81.169.145.170 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 81.169.145.171 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 81.169.145.66 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=66,DE) 81.169.145.72 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 81.169.145.73 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 81.169.145.74 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 81.169.145.76 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 81.169.145.77 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=77,DE) 81.169.145.82 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case 
#4064 TO-S-2020-0859 (IP=82,DE) 81.169.145.92 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 81.169.145.92 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 81.169.145.93 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 81.169.192.6 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None DE TO-S-2020-0315 Malicious Email Activity 81.169.238.199 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 81.169.246.175 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=175,DE) 81.17.16.149 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=149,CH) 81.17.16.149 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=149,CH) HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00678 (IP=149,CH) 81.17.80.0 20 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None AZ TO-S-2021-0876 Hive Case 4166 Malware Activity 81.174.25.195 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity 81.177.141.211 24 GL None 2020-11-18 00:00:00 2021-11-18 00:00:00 None HIVE Case #4354 Suspicious Domain (IP=211,RU) 81.177.48.13 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=13,RU) 81.18.16.0 20 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity 81.18.59.251 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RS Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 81.180.112.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 
00:00:00 None OM Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 81.180.84.246 32 RR None 2021-09-15 00:00:00 2021-12-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - TT# 21C01868 (IP=246,MD) 81.180.84.246 24 RB None 2021-04-06 00:00:00 2021-08-20 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=246,MD) | updated by RR Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=246,MD) 81.182.166.108 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None HU TO-S-2020-0303 Malicious Email Activity 81.183.122.63 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None HU TO-S-2020-0298 Malicious Email Activity 81.183.241.61 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 81.185.72.140 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 81.185.77.84 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity 81.19.211.2 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=2,GB) 81.19.215.11 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 81.19.215.20 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None GB TO-S-2020-0838 Malicious Email Activity 81.19.215.8 24 JKC None 2020-06-11 00:00:00 2021-06-11 00:00:00 None Malicious IP Hive Case 2987 COLS-NA TIP 20-0165 Sharkseer TIP20-2751 (ip=8, 81.19.215.8 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None GB TO-S-2021-1007 Malicious Web Application Activity 81.19.223.180 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None GB TO-S-2020-0750 Malicious Service Distruption Activity 81.19.223.4 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 
81.190.34.173 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=173,PL) 81.192.192.254 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=254,MA) 81.200.116.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None RU TO-S-2020-0322 Malware Activity 81.200.54.50 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CZ TO-S-2020-0298 Malicious Email Activity 81.200.60.78 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CZ TO-S-2020-0331 Malicious Web Application Activity 81.201.62.117 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CZ TO-S-2020-0331 Malicious Web Application Activity 81.201.62.190 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CZ TO-S-2020-0298 Malicious Email Activity 81.208.42.145 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity 81.21.75.18 32 wmp None 2020-08-26 00:00:00 2021-10-08 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=18,DE) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=18,DE) 81.21.82.225 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AZ Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 81.21.86.11 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=11,AZ) 81.213.140.99 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 81.213.151.92 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None TR TO-S-2020-0331 Malicious Web Application Activity 81.213.233.171 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 81.214.127.89 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 81.214.143.47 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious 
Reconnaissance Activity 81.214.162.15 24 DT None 2021-08-20 00:00:00 2021-11-18 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=15,TR) 81.214.164.182 24 AR None 2021-08-13 00:00:00 2021-11-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (IP=182,TR) 81.214.244.67 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TR TO-S-2020-0298 Malicious Email Activity 81.214.253.80 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None TR TO-S-2021-0876 Hive Case 4166 Malware Activity 81.214.255.249 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 81.214.54.115 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malware Activity 81.214.99.136 24 BMP None 2021-05-04 00:00:00 2021-08-03 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - 6hr Web Attacks (IP=136,TR) 81.215.204.75 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 81.215.205.129 24 RW None 2021-02-03 00:00:00 2021-05-03 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=129,TR) 81.215.217.127 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity 81.215.220.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malware Activity 81.218.0.0 19 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None IL TO-S-2020-0750 Malicious Email Activity 81.218.32.0 19 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None IL TO-S-2020-0750 Malicious Email Activity 81.219.1.1 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PL TO-S-2020-0298 Malicious Email Activity 81.219.174.76 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity 81.22.240.0 20 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None FI 
TO-S-2020-0601 Malicious Web Application Activity 81.223.238.247 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None AT Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 81.225.154.142 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None SE TO-S-2020-0493 Malware Activity 81.227.25.219 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None SE TO-S-2020-0493 Malware Activity 81.228.25.6 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SE TO-S-2020-0459 Malware Activity 81.230.62.21 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=21,SE) 81.235.206.37 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None SE TO-S-2020-0535 Malware Activity 81.237.128.200 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=200,SE) 81.241.207.133 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None BE TO-S-2020-0493 Malware Activity 81.244.247.101 24 GM None 2021-02-12 00:00:00 2021-05-12 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - Web Attack (IP=101,BE) 81.247.86.131 24 KH None 2021-09-05 00:00:00 2021-12-04 00:00:00 None Drupal Core CVE-2018-7600 Form Rendering Post_render RCE - FE IPS (IP=131,BE) 81.248.68.112 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MQ TO-S-2020-0331 Malicious Web Application Activity 81.252.199.252 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malicious Email Activity 81.33.176.87 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity 81.4.111.88 24 CR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SSH User Authentication Brute Force Attempt - 6 hr Failed Logon (IP=88,NL) 81.4.122.101 32 RKM None 2020-06-29 00:00:00 2021-06-29 00:00:00 None Hive 3176 APT infrastructure 81.4.122.101 24 RKM None 2020-06-29 00:00:00 2021-09-29 00:00:00 None APT Infrastructure - Hive 3176 (IP=101,NL) 81.4.228.164 32 jkc None 2020-06-26 00:00:00 
2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=164,RU) 81.45.181.186 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malicious Email Activity 81.52.230.43 32 srm None 2021-05-17 00:00:00 2021-08-15 00:00:00 None Firepower Suspicious Scan Activity (IP=43,JO) 81.6.43.167 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00634 (IP=167,CH) 81.67.105.119 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None FR TO-S-2020-0303 Malicious Email Activity 81.68.103.98 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=98,CN) 81.68.113.240 24 RB None 2021-07-27 00:00:00 2021-10-25 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=240,CN) 81.68.122.25 24 GM None 2021-03-29 00:00:00 2021-06-29 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=25,CN) 81.68.137.216 24 RR None 2021-05-31 00:00:00 2021-08-29 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=216,CN) 81.68.139.22 24 RR None 2021-06-13 00:00:00 2021-09-11 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=22,CN) 81.68.143.68 24 GM None 2020-10-06 00:00:00 2021-01-06 00:00:00 None SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt - Web Attacks (IP=68,CN) 81.68.146.18 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=18,CN) 81.68.147.6 24 AR None 2021-09-23 00:00:00 2021-12-22 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01926 (IP=6,CN) 81.68.159.121 32 GM None 2020-10-14 00:00:00 2021-01-14 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT # 21C00122 (IP=121,CN) 81.68.166.245 24 FT None 
2020-10-18 00:00:00 2021-01-18 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=245,CN) 81.68.172.148 24 KD None 2021-06-15 00:00:00 2021-09-14 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841)- Web Attacks (IP=148,CN) 81.68.179.203 24 GM None 2020-12-08 00:00:00 2021-03-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=203,CN) 81.68.182.2 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - Source Fire (IP=2,CN) 81.68.183.158 24 RR None 2020-12-29 00:00:00 2021-03-29 00:00:00 None SSH User Authentication Brute Force Attempt - Failed Logons (IP=158,CN) 81.68.201.114 24 BMP None 2021-01-14 00:00:00 2021-04-14 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:51395:1) - FirePower (IP=114,CN) 81.68.205.74 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=74,US) 81.68.211.26 24 GM None 2020-12-17 00:00:00 2021-03-17 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=26,CN) 81.68.229.2 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Sourcefire (IP=2,CN) 81.68.248.98 24 EE None 2021-03-12 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=98,CN) 81.68.64.36 24 RW None 2020-10-03 00:00:00 2021-01-03 00:00:00 None PHP Webshell Access Detection - Palo Alto (IP=36,CN) 81.68.72.120 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=120,CN) 81.68.73.26 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=26,CN) 81.68.77.156 24 EE None 2021-01-14 00:00:00 2021-04-14 00:00:00 None HTTP 
SQL Injection Attempt Detected - 6 HR Web Attack (IP=156,CN) 81.68.98.8 24 DT None 2021-02-21 00:00:00 2021-05-22 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=159,CN) 81.68.99.128 24 ZH None 2021-05-26 00:00:00 2021-08-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=128,CN) 81.69.191.124 24 BMP None 2021-04-29 00:00:00 2021-07-28 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt (1:48837:6) - SourceFire (IP=124,CN) 81.69.201.11 24 BB None 2021-07-24 00:00:00 2021-10-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=11,CN) 81.69.222.199 24 FT None 2020-11-23 00:00:00 2021-02-23 00:00:00 None SERVER-WEBAPP vBulletin pre-authenticated command injection attempt - 6hr web attacks (IP=199,CN) 81.69.228.218 24 FT None 2021-03-15 00:00:00 2021-06-15 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=218,US) 81.69.233.249 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=249,CN) 81.69.241.88 24 RW None 2020-11-30 00:00:00 2021-03-02 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire (IP=88,CN) 81.70.101.44 24 GM None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=44,CN) 81.70.119.106 24 DT None 2021-04-24 00:00:00 2021-07-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=106,CN) 81.70.143.176 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=176,CN) 81.70.144.143 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=143,CN) 81.70.161.242 24 RT None 2021-09-20 00:00:00 2021-12-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=242,CN) 81.70.168.51 24 RW None 
2020-12-11 00:00:00 2021-03-11 00:00:00 None Authentication Failed - 6hr Failed Logon(IP=51,CN) 81.70.192.196 32 wmp None 2021-04-21 00:00:00 2021-07-21 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=196,CN) 81.70.208.254 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=254,CN) 81.70.218.189 24 RT None 2021-08-25 00:00:00 2021-11-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Sourcefire Report (IP=189,CN) 81.70.235.75 24 EE None 2021-04-22 00:00:00 2021-07-21 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attack (IP=75,CN) 81.70.247.41 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=41,CN) 81.70.3.199 24 AR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6HR Web Attack (IP=199,CN) 81.70.35.55 24 EE None 2021-01-10 00:00:00 2021-04-10 00:00:00 None SSH User Authentication Brute Force Attempt - 6 HR Failed Logon (IP=55,CN) 81.70.4.52 24 FT None 2020-11-01 00:00:00 2021-02-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=200,CN) 81.70.6.65 24 BB None 2021-08-01 00:00:00 2021-10-30 00:00:00 None SERVER-APACHE Apache Struts remote code execution attempt (1:49377:1) - SourceFire (IP=65,CN) 81.71.120.65 24 EE None 2020-12-09 00:00:00 2021-03-09 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - SourceFire (IP=65,CN) 81.71.129.100 24 RR None 2021-03-08 00:00:00 2021-06-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=100,CN) 81.71.16.159 24 DT None 2021-04-09 00:00:00 2021-07-08 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=159,CN) 81.71.27.47 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) 
- Web Attack (IP=47,CN) 81.71.33.126 24 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=126,CN) 81.71.39.243 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=243,CN) 81.71.6.180 24 RW None 2021-01-28 00:00:00 2021-04-28 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=180,CN) 81.71.7.144 24 BMP None 2021-07-04 00:00:00 2021-10-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=144,CN) 81.71.88.53 24 RB None 2020-11-26 00:00:00 2021-09-04 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr web attacks (IP=53,CN) | updated by RR Block was inactive. Reactivated on 20210606 with reason SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - Web Attacks (IP=53,CN) 81.71.93.51 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=51,CN) 81.91.177.54 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=54,NL) 81.91.190.72 24 srm None 2020-12-23 00:00:00 2021-03-21 00:00:00 None HIVE Case #4623 (IP=72,RU) 81.92.202.147 24 EE None 2021-08-18 00:00:00 2021-11-15 00:00:00 None HIVE Case #5918 IOC_LOKIBOT (IP=147,GB) 81.92.202.147 24 EE None 2021-08-18 00:00:00 2021-11-15 00:00:00 None HIVE Case #5918 IOC_LOKIBOT (IP=147,GB) 81.92.58.91 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GR TO-S-2020-0303 Malicious Email Activity 81.93.205.107 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HU TO-S-2020-0331 Malicious Web Application Activity 82.1.121.131 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity 82.10.170.202 24 RR None 2021-05-23 00:00:00 2021-08-21 00:00:00 None SERVER-WEBAPP Terramaster TOS command injection attempt - SourceFire (IP=202,GB) 82.102.137.130 
24 DT None 2021-04-24 00:00:00 2021-08-10 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr FAILED lOGONS (IP=130,IL) | updated by RW Block expiration extended with reason FTP Login Failed - 6 hr failed logons (IP=130,IL)
82.102.16.196 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
82.102.160.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IL TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
82.102.17.122 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None ES TO-S-2021-1007 Malware Activity
82.102.173.78 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IL TO-S-2020-0459 Malware Activity
82.102.173.94 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IL TO-S-2020-0459 Malware Activity
82.102.23.178 24 RB None 2021-01-09 00:00:00 2021-04-09 00:00:00 None SERVER-ORACLE Oracle WebLogic Server remote code execution attempt - Sourcefire (IP=178,BG)
82.102.24.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CH TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
82.103.140.87 24 RW None 2021-06-12 00:00:00 2021-09-10 00:00:00 None Malicious Denmark IP - Hive Case 5446 (IP=87,DK)
82.113.106.52 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=52,DE)
82.113.142.91 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=91,GB)
82.114.85.63 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AL TO-S-2020-0298 Malicious Email Activity
82.114.89.102 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AL TO-S-2020-0298 Malicious Email Activity
82.117.177.154 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
82.118.23.32 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00625 (IP=32,UA)
82.12.98.9 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GB TO-S-2020-0331 Malicious Web Application Activity
82.121.73.97 24 KD None 2021-09-04 00:00:00 2021-12-03 00:00:00 None HTTP: WordPress Portable php MyAdminPlugin Authentication Bypass Vulnerability - Web Attacks (IP=97,FR)
82.125.137.87 24 GM None 2020-11-27 00:00:00 2021-02-27 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=87,FR)
82.127.219.204 24 RT None 2021-09-06 00:00:00 2021-12-06 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6HR Web Attack (IP=204,FR) | updated by RR Block expiration extended with reason SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=204,FR)
82.127.49.141 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malicious Email Activity
82.137.16.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None OM Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
82.139.186.148 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PL TO-S-2020-0298 Malicious Email Activity
82.14.35.51 24 EE None 2020-12-01 00:00:00 2021-03-01 00:00:00 None Failed keyboard-interactive - Failed Logons (IP=51,GB)
82.140.240.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
82.142.28.23 24 BB None 2021-07-16 00:00:00 2021-10-14 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=23,FR)
82.144.205.35 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity
82.146.56.139 24 DT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=139,RU)
82.151.123.231 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None RU TO-S-2020-0236 Malicious Email Activity
82.151.96.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
82.153.30.73 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
82.156.105.254 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=254,CN)
82.156.109.87 24 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=87,CN)
82.156.110.165 24 BMP None 2021-03-08 00:00:00 2021-06-08 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=165,CN)
82.156.124.22 24 DT None 2021-04-23 00:00:00 2021-07-23 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web Attacks (IP=22,CN)
82.156.128.27 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=27,CN)
82.156.18.65 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=65,CN)
82.156.216.26 24 RB None 2021-05-07 00:00:00 2021-08-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability - Sourcefire (IP=26,CN) | updated by RB Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability - 6hr web attacks (IP=26,CN) | updated by RB Block expiration extended wi
82.156.26.80 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=80,CN)
82.156.47.84 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=84,CN)
82.156.52.120 24 EE None 2021-04-03 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=120,CN)
82.156.89.156 32 srm None 2021-04-07 00:00:00 2021-07-07 00:00:00 None Firepower Suspicious Scan Activity (IP=156,CN)
82.157.16.42 24 GM None 2021-04-02 00:00:00 2021-07-02 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=42,CN)
82.157.46.51 24 BMP None 2021-04-10 00:00:00 2021-07-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=51,CN)
82.159.245.202 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity
82.163.176.104 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None GB TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
82.163.245.38 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None GB TO-S-2021-0876 Hive Case 4166 Malware Activity
82.165.108.198 24 RT None 2021-08-11 00:00:00 2021-11-09 00:00:00 None SERVER-OTHER Adobe ColdFusion unauthenticated file upload attempt - 6HR Web Attack (IP=198,DE)
82.165.113.226 24 RR None 2021-03-16 00:00:00 2021-06-14 00:00:00 None SERVER-OTHER Adobe ColdFusion unauthenticated file upload attempt - Sourcefire (IP=226,DE)
82.165.158.104 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity
82.165.158.111 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity
82.165.158.130 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity
82.165.158.19 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity
82.165.158.53 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity
82.165.158.60 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity
82.165.190.52 24 KD None 2021-09-05 00:00:00 2021-12-04 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt- Web Attacks (IP=52,DE)
82.165.249.72 24 DT None 2021-06-25 00:00:00 2021-09-23 00:00:00 None SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt (1:48381:1) - Source Fire (IP=72,DE)
82.165.53.111 24 RT None 2021-06-18 00:00:00 2021-09-16 00:00:00 None SERVER-OTHER Adobe ColdFusion unauthenticated file upload attempt - 6HR Web Attacks (IP=111,DE)
82.165.54.172 24 BMP None 2021-02-08 00:00:00 2021-05-09 00:00:00 None SERVER-WEBAPP RevSlider information disclosure attempt - 6hr Web Attacks (IP=172,DE)
82.165.86.246 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Web Application Activity
82.166.192.22 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IL Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
82.18.125.212 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity
82.185.94.187 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity
82.191.134.50 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity
82.192.82.227 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None NL TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
82.194.160.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity
82.194.18.122 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None AZ TO-S-2020-0303 Malicious Email Activity
82.194.20.94 24 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 HR Failed Logons (IP=94,AZ)
82.194.88.131 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity
82.196.15.205 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None NL TO-S-2021-0876 Hive Case 4166 Malware Activity
82.197.242.52 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
82.199.136.201 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt Web Attacks (IP=201,CH)
82.200.142.22 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=22,KZ)
82.200.237.10 24 FT None 2021-03-21 00:00:00 2021-06-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=10,KZ)
82.202.190.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None RU TO-S-2020-0322 Malware Activity
82.202.220.82 32 wmp None 2021-03-08 00:00:00 2021-06-08 00:00:00 None McAfee Suspicious Scan Activity (IP=82,RU)
82.208.149.161 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=161,RO)
82.209.201.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BY TO-S-2020-0331 Malicious Web Application Activity
82.213.199.126 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None ES TO-S-2020-0493 Malware Activity
82.215.103.77 24 RR None 2021-01-05 00:00:00 2021-04-05 00:00:00 None FTP Login Failed - Failed Logons (IP=77,UZ)
82.221.105.7 32 BMP None 2021-03-16 00:00:00 2021-06-14 00:00:00 None mySQL scans (ip=7, IS) | updated by BMP Block was inactive. Reactivated on 20210316 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 21C00697 (IP=7,IS) HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2
82.221.105.7 32 tpr None 2014-02-18 06:00:00 2021-06-14 00:00:00 None mySQL scans (ip=7, IS) | updated by BMP Block was inactive. Reactivated on 20210316 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2015-1635) - TT# 21C00697 (IP=7,IS) HTTP: Microsoft Windows HTTP.sys Remote Code Execution (CVE-2
82.221.136.4 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IS Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
82.221.139.222 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None IS TO-S-2021-1007 Malicious Email Activity
82.223.1.49 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity
82.223.10.183 24 KH None 2021-09-05 00:00:00 2021-12-04 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt (1:58093:1) - Sourcefire (IP=183,ES)
82.223.101.103 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.101.129 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.101.156 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.101.159 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.101.188 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.101.20 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.101.215 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.101.237 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.101.32 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.101.43 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.101.79 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.101.99 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.102.106 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.102.143 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.102.201 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.102.218 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.102.39 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malware Activity
82.223.107.151 24 BMP None 2021-03-13 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=151,ES)
82.223.12.89 24 BMP None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-APACHE Apache Tomcat mod_jk access control bypass attempt (1:48381:1) - SourceFire (IP=89,ES)
82.223.13.171 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
82.223.19.242 24 KD None 2021-09-05 00:00:00 2021-12-04 00:00:00 None SERVER-WEBAPP Atlassian Confluence OGNL injection remote code execution attempt- Web Attacks (IP=242,ES)
82.223.197.33 24 BB None 2021-07-24 00:00:00 2021-10-22 00:00:00 None SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (1:46898:1) - SourceFire (IP=33,PT)
82.223.27.124 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ES Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
82.223.29.150 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
82.223.67.151 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
82.223.73.138 24 RW None 2020-12-11 00:00:00 2021-03-11 00:00:00 None SERVER-WEBAPP ZyXEL P660HN ADSL Router viewlog.asp command injection attempt - Sourcefire (IP=138,ES)
82.223.8.170 24 RR None 2021-06-07 00:00:00 2021-09-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=170,ES)
82.223.83.47 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=47,ES)
82.227.232.1 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
82.236.115.124 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None FR TO-S-2020-0228 Malicious Email Activity
82.244.171.168 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malicious Email Activity
82.247.168.87 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
82.252.141.244 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
82.252.141.244 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
82.254.46.127 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malware Activity
82.254.84.213 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity
82.26.240.240 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity
82.28.149.60 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GB TO-S-2020-0331 Malicious Web Application Activity
82.29.63.247 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GB TO-S-2020-0331 Malicious Web Application Activity
82.41.40.14 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GB TO-S-2020-0331 Malicious Web Application Activity
82.45.82.203 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity
82.48.14.229 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity
82.49.173.103 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity
82.50.125.10 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity
82.50.125.149 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity
82.51.15.144 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity
82.53.133.46 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity
82.54.168.161 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
82.56.197.201 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity
82.56.218.27 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity
82.57.142.251 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
82.61.147.226 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity
82.62.141.254 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
82.62.232.235 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=235,IT)
82.63.40.20 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity
82.64.189.69 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity
82.64.45.6 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None FR TO-S-2020-0303 Malicious Email Activity
82.64.80.109 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
82.64.99.139 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malicious Email Activity
82.65.186.157 24 RR HTTP: None 2021-04-23 00:00:00 2021-07-23 00:00:00 None WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=157,US)
82.72.154.55 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity
82.74.24.121 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malicious Email Activity
82.76.147.99 24 GM None 2020-10-29 00:00:00 2021-01-29 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=99,RO)
82.78.157.50 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=50,RO)
82.78.157.50 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=50,RO)
82.79.75.239 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=239,RO)
82.80.144.0 20 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IL TO-S-2021-0876 Hive Case 4166 Malware Activity
82.80.48.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IL Hive Case 4237 TO-S-2021-0910 Malware Activity
82.81.234.0 23 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IL TO-S-2020-0331 Malicious Web Application Activity
82.81.7.109 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
82.81.73.245 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=245,IL)
82.84.176.86 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity
82.97.214.0 23 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=0,SY)
83.114.120.158 32 RB None 2021-09-23 00:00:00 2021-12-22 00:00:00 None ColdFusion Error - IR# 21C01938 (IP=158,FR)
83.114.123.166 24 EE None 2021-04-12 00:00:00 2021-12-12 00:00:00 None SQL injection - Web Attack (IP=166,FR) | updated by SW Block was inactive. Reactivated on 20210913 with reason ColdFusion Error Reporting TT# 21C01836 (IP=166,FR)
83.12.109.74 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity
83.12.141.242 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
83.125.22.211 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
83.137.53.23 24 RR None 2021-04-01 00:00:00 2021-07-01 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=23,RU) | updated by BMP Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=23,RU)
83.142.52.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity
83.142.53.182 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Web Application Activity
83.146.116.0 22 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None RU TO-S-2020-0750 Malicious Email Activity
83.146.70.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
83.150.213.216 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None TR TO-S-2020-0838 Malicious Email Activity
83.150.213.222 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=222,TR)
83.150.63.208 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=208,CH)
83.156.86.93 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
83.166.138.100 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CH TO-S-2020-0303 Malicious Email Activity
83.166.138.28 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity
83.167.224.179 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=179,CZ)
83.17.35.186 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PL TO-S-2020-0298 Malicious Email Activity
83.171.237.173 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
83.171.237.173 24 EE None 2021-06-29 00:00:00 2021-09-27 00:00:00 None HIVE Case #5669 IOC_ Nobelium (IP=173,DE)
83.171.237.87 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malware Activity
83.171.252.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity
83.172.80.31 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SE TO-S-2020-0459 Malware Activity
83.179.234.2 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
83.191.166.8 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None SE TO-S-2020-0331 Malicious Web Application Activity
83.193.192.230 24 KD None 2021-06-03 00:00:00 2021-09-04 00:00:00 None SQL injection - Web Attacks (IP=230,FR)
83.198.211.136 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RE TO-S-2020-0298 Malicious Email Activity
83.20.186.27 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Email Activity
83.209.210.196 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SE TO-S-2020-0459 Malware Activity
83.209.251.8 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None SE TO-S-2020-0493 Malware Activity
83.211.215.148 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity
83.212.32.140 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GR TO-S-2020-0331 Malicious Email Activity
83.212.73.213 24 BMP None 2021-03-07 00:00:00 2021-06-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=213,GR)
83.212.76.131 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
83.212.76.203 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=203,GR)
83.212.97.115 24 GM None 2020-12-25 00:00:00 2021-03-25 00:00:00 None Apache Struts 2 ConversionErrorInterceptor OGNL Script Injection - FireEye CMS (IP=115,GR)
83.217.64.0 20 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None BE TO-S-2020-0459 Malware Activity
83.217.70.51 32 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None BE TO-S-2020-0419 Malicious Email Activity
83.22.103.212 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
83.220.240.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU)
83.224.148.74 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity
83.229.85.231 24 FT None 2021-03-20 00:00:00 2021-06-18 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=231,FR)
83.233.93.146 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None SE TO-S-2020-0315 Malicious Web Application Activity
83.235.16.173 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GR TO-S-2020-0298 Malicious Email Activity
83.238.231.10 24 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attack (IP=10,PL)
83.240.161.228 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PT TO-S-2020-0303 Malicious Email Activity
83.244.113.226 24 KH None 2021-09-05 00:00:00 2021-12-04 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=226,PS)
83.248.57.106 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None SE TO-S-2020-0303 Malicious Email Activity
83.25.26.167 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity
83.250.115.8 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=8,SE)
83.252.118.44 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None SE TO-S-2020-0493 Malware Activity
83.252.120.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None SE TO-S-2020-0303 Malicious Email Activity
83.253.254.78 24 RR None 2020-10-22 00:00:00 2021-01-20 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=78,SE)
83.253.41.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None SE TO-S-2020-0331 Malicious Web Application Activity
83.254.16.16 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SE TO-S-2020-0459 Malware Activity
83.254.234.5 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SE TO-S-2020-0459 Malware Activity
83.26.72.19 24 GM None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=19,PL)
83.38.184.128 24 RR None 2021-02-27 00:00:00 2021-05-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=128,ES)
83.38.248.131 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ES TO-S-2020-0303 Malicious Email Activity
83.41.123.192 32 wmp None 2021-06-08 00:00:00 2021-09-08 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=192,ES)
83.52.249.73 24 BMP None 2021-04-17 00:00:00 2021-07-17 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=73,ES)
83.58.195.94 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ES Hive Case 4187 TO-S-2021-0898 Malware Activity
83.66.86.238 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None TR TO-S-2020-0303 Malicious Email Activity
83.81.11.62 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity
83.96.20.106 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=106,KW)
83.96.200.43 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
83.96.54.165 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
83.97.228.225 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None ES TO-S-2020-0535 Malware Activity
84.1.176.38 32 srm None 2021-04-23 00:00:00 2021-07-22 00:00:00 None Firepower Suspicious Scan Activity (IP=38,HU)
84.1.251.131 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None HU TO-S-2020-0750 Malicious Email Activity
84.110.106.22 24 RR None 2020-12-05 00:00:00 2021-03-05 00:00:00 None SERVER-WEBAPP Zeroshell Linux Router command injection attempt- SourceFire (IP=22,IS)
84.111.104.120 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=120,IL)
84.112.250.35 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
84.117.51.179 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RO TO-S-2020-0298 Malicious Email Activity
84.117.94.121 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RO TO-S-2020-0331 Malicious Web Application Activity
84.124.45.198 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ES TO-S-2020-0331 Malicious Web Application Activity
84.124.52.29 32 wmp None 2020-09-22 00:00:00 2021-11-03 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=29,ES) | updated by dbc Block expiration extended with reason ES Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
84.13.185.56 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity
84.14.129.100 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity
84.16.241.139 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=139,DE)
84.16.248.170 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=170,DE)
84.16.68.210 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity
84.17.46.154 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malware Activity
84.17.46.156 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malware Activity
84.17.46.160 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
84.17.46.176 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malware Activity
84.17.46.178 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malware Activity
84.17.46.228 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malware Activity
84.17.46.249 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malware Activity
84.18.96.0 19 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity
84.19.169.26 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=26,DE)
84.19.89.38 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CZ Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
84.196.82.201 24 KH None 2021-07-21 00:00:00 2021-10-19 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=201,BE)
84.198.11.154 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None BE TO-S-2020-0459 Malware Activity
84.2.61.33 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
84.200.223.39 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None DE TO-S-2020-0698 Malicious Email Activity
84.200.223.41 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
84.200.255.28 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity
84.201.154.16 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=16,RU)
84.201.185.119 24 RR None 2021-05-02 00:00:00 2021-07-31 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=119,RU)
84.201.240.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
84.205.235.9 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None GR TO-S-2020-0236 Malicious Email Activity
84.209.60.46 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=46,NO)
84.210.219.213 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=213,NO)
84.212.169.133 24 GM None 2021-01-26 00:00:00 2021-04-26 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=133,NO)
84.214.103.73 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=73,NO)
84.216.211.86 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SE TO-S-2020-0459 Malware Activity
84.219.137.124 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None SE TO-S-2020-0459 Malware Activity
84.22.115.40 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None NL TO-S-2020-0826 Hive Case 3950 Malicious Email Activity
84.228.225.7 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
84.228.64.0 19 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IL TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity
84.232.4.97 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity
84.234.48.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MD TO-S-2020-0331 Malicious Web Application Activity
84.235.88.0 22 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=0,SA)
84.236.170.106 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity
84.236.188.226 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malicious Email Activity
84.237.200.46 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=46,LV)
84.237.224.179 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None LV TO-S-2020-0331 Malicious Web Application Activity
84.238.81.186 24 KH None 2021-09-22 00:00:00 2021-12-21 00:00:00 None Generic URI Injection wget Attempt - Sourcefire (IP=186,DK)
84.240.247.59 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity
84.245.121.121 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None SK TO-S-2020-0303 Malicious Email Activity
84.246.231.100 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity
84.247.12.136 24 FT None 2020-11-11 00:00:00 2021-02-11 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=136,NL)
84.247.48.3 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=3,IR)
84.247.50.250 32 wmp None 2021-05-04 00:00:00 2021-08-04 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=250,NO)
84.252.142.158 24 UA None 2021-05-31 00:00:00 2021-08-29 00:00:00 None HTTP: PHPUnit Remote Code Execution - Exploit - Web Attacks (IP=158,RU)
84.252.95.244 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
84.253.164.89 24 DT None 2021-09-11 00:00:00 2021-12-10 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt (1:46316:5) - Source Fire (IP=89,IT)
84.254.53.55 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GR TO-S-2020-0298 Malicious Email Activity
84.255.243.177 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None SK TO-S-2020-0331 Malicious Web Application Activity
84.255.42.243 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None MT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
84.3.100.186 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=186,HU)
84.33.101.47 24 RR None 2020-12-14 00:00:00 2021-03-14 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - SourceFire (IP=47,IT)
84.33.124.223 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
84.33.99.23 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity
84.38.176.0 20 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None RU TO-S-2020-0805 Malicious Email Activity
84.39.225.211 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malicious Email Activity
84.39.241.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity
84.40.106.62 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BG TO-S-2020-0298 Malicious Email Activity
84.41.56.60 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
84.42.84.10 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=10,RU)
84.43.153.43 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=43,BG)
84.44.14.226 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TR Hive Case 4237 TO-S-2021-0910 Malware Activity
84.47.152.0 23 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None RU TO-S-2020-0535 Malware Activity
84.47.160.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 84.48.235.163 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NO Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 84.51.59.118 24 KD None 2021-07-20 00:00:00 2021-10-18 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=118, TR) 84.53.198.227 32 wmp None 2021-05-14 00:00:00 2021-08-14 00:00:00 None Palo Alto Suspicious Scan Activity (IP=227,RU) 84.54.118.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,UZ) 84.54.153.120 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BG TO-S-2020-0331 Malicious Web Application Activity 84.54.95.42 24 EE None 2021-01-09 00:00:00 2021-04-09 00:00:00 None FTP Login Failed - 6 HR Failed Logons (IP=42,UZ) 84.79.68.203 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ES TO-S-2020-0303 Malicious Email Activity 84.9.237.92 24 RW None 2021-04-11 00:00:00 2021-07-11 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=92,UK) 84.96.22.25 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=25,FR) 85.10.15.80 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SI TO-S-2020-0298 Malicious Email Activity 85.10.192.106 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None DE TO-S-2020-0322 Malware Activity 85.10.200.69 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None DE TO-S-2020-0315 Malicious Email Activity 85.105.213.23 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=23,TR) 85.105.233.241 24 RB None 2021-05-02 00:00:00 2021-07-31 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - 6hr web attacks (IP=241,TR) 85.105.25.190 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=190,TR) 85.106.105.41 24 BMP None 
2020-12-06 00:00:00 2021-03-06 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - SourceFire (IP=41,TR) 85.106.110.20 24 RB None 2020-12-07 00:00:00 2021-03-07 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - 6hr web attacks (IP=20,TR) 85.106.222.163 24 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - SourceFire (IP=163,TR) 85.106.224.18 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP JBoss JMXInvokerServlet access attempt -SourceFire (IP=18,TR) 85.106.236.255 24 EE None 2021-02-15 00:00:00 2021-05-15 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt (1:45721:2) - SourceFire (IP=255,TR) 85.106.237.245 24 RB None 2021-01-10 00:00:00 2021-04-10 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Sourcefire (IP=245,TR) 85.106.239.21 24 GM None 2021-02-04 00:00:00 2021-05-04 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=21,TR) 85.106.239.21 32 wmp None 2021-02-05 00:00:00 2021-05-05 00:00:00 None Firepower Suspicious Scan Activity (IP=21,TR) 85.106.248.70 24 RB None 2021-02-17 00:00:00 2021-05-16 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - 6hr Web Attacks (IP=70,TR) 85.106.253.58 24 RR None 2021-04-01 00:00:00 2021-06-30 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt -SourceFire (IP=58,TR) 85.108.197.196 24 BMP None 2021-04-27 00:00:00 2021-07-26 00:00:00 None SERVER-WEBAPP Atlassian OAuth plugin multiple versions server side request forgery attempt (1:46898:1) - SourceFire (IP=196,TR) 85.108.205.58 24 GM None 2021-01-22 00:00:00 2021-04-22 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=58,TR) 85.108.206.76 24 DT None 2021-02-10 00:00:00 2021-05-10 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - 
SourceFire (IP=76,TR) 85.108.207.136 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None Nuclei Vulnerability Scanner - FireEye IPS Events (IP=136,TR) 85.108.214.59 24 GM None 2021-01-22 00:00:00 2021-04-22 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Web Attacks (IP=59,TR) 85.108.216.112 24 EE None 2021-02-27 00:00:00 2021-05-27 00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt - 6hr Web Attack (IP=112,TR) 85.108.219.251 24 RB None 2021-07-01 00:00:00 2021-09-29 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - 6hr web attacks (IP=251,TR) 85.108.246.145 24 RB None 2021-04-10 00:00:00 2021-07-09 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - 6hr web attacks (IP=145,TR) 85.108.249.100 24 RW None 2020-10-03 00:00:00 2021-01-03 00:00:00 None SERVER-WEBAPP Linksys WVBR0-25 Wireless Video Bridge command injection attempt - Sourcefire (IP=100,TR) 85.108.99.167 24 GM None 2021-03-03 00:00:00 2021-06-03 00:00:00 None SERVER-WEBAPP Ulterius web server directory traversal attempt - Sourcefire (IP=167,TR) 85.11.48.196 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None SE TO-S-2020-0493 Malware Activity 85.112.159.71 24 RW None 2021-09-27 00:00:00 2021-12-26 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=71,NO) 85.113.0.138 24 EE None 2020-12-15 00:00:00 2021-03-15 00:00:00 None FTP Login Failed - 6 HR Failed Logons (IP=138, KG) 85.113.24.209 24 CR None 2021-05-13 00:00:00 2021-08-11 00:00:00 None FTP Login Failed - Failed Logons (IP=92,KG) 85.114.102.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None PS Hive Case 4237 TO-S-2021-0910 Malicious Reconnaissance Activity 85.114.107.230 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PS TO-S-2020-0331 Malicious Web Application Activity 85.115.232.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 
Malicious Reconnaissance Activity 85.115.25.26 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity 85.115.53.201 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 85.117.121.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None KZ TO-S-2021-0876 Hive Case 4166 Malware Activity 85.117.233.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None RU TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 85.118.105.20 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GE TO-S-2020-0331 Malicious Web Application Activity 85.118.128.30 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CZ TO-S-2020-0331 Malicious Email Activity 85.126.241.61 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None AT Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 85.128.151.189 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None PL TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 85.128.165.21 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=21,PL) 85.128.192.26 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=26,PL) 85.128.57.146 24 BMP None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=146,PL) 85.13.129.182 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None DE TO-S-2020-0369 Malicious Email Activity 85.13.130.208 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 85.13.130.219 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None DE TO-S-2020-0369 Malicious Email Activity 85.13.134.0 24 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=0,DE) 85.13.135.230 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated 
TO-S-2020-0592 Malicious Email Activity 85.13.142.116 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None DE TO-S-2021-1007 Malicious Email Activity 85.13.146.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,DE) 85.13.152.160 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 85.13.163.140 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity 85.13.221.202 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None GB TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 85.132.12.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AZ TO-S-2020-0331 Malicious Web Application Activity 85.132.6.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AZ Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 85.138.75.232 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None PT TO-S-2020-0698 Malware Activity 85.140.3.162 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None RU TO-S-2020-0698 Malicious Email Activity 85.140.3.162 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None RU TO-S-2020-0601 Malicious Email Activity 85.142.148.188 24 EE None 2021-01-09 00:00:00 2021-04-09 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 HR Web Attack (IP=188,RU) 85.147.152.143 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 85.148.236.67 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 85.152.162.105 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malware Activity 85.158.248.84 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 85.159.214.167 24 RW None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web 
attacks (IP=167,UK) 85.159.215.154 24 RT None 2021-05-27 00:00:00 2021-08-25 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire Report (IP=154,UK) 85.165.196.222 24 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=222,NO) 85.168.60.210 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None FR TO-S-2020-0303 Malicious Email Activity 85.172.10.95 24 KF None 2020-06-21 00:00:00 2021-08-17 00:00:00 None HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=95,RU) | updated by RR Block was inactive. Reactivated on 20210511 with reason HTTP: SQL Injection Attempt Detected - Web Attacks (IP=95,RU) | updated by RR Block expiration ex 85.172.189.1 24 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - 6 hr failed logons (IP=1,RU) 85.173.126.26 24 RW None 2021-03-07 00:00:00 2021-06-07 00:00:00 None FTP Login Failed - 6 hr failed logons (IP=26,RU) 85.187.128.14 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None US TO-S-2020-0459 Malware Activity 85.187.128.22 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=22,US) 85.187.128.27 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None US TO-S-2020-0315 Malicious Web Application Activity 85.187.128.29 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=29,US) 85.187.128.30 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=30,US) 85.187.128.32 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 85.187.132.177 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 85.187.145.237 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None NL TO-S-2020-0236 Malicious Email 
Activity 85.187.7.222 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 85.191.216.145 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DK TO-S-2020-0298 Malicious Email Activity 85.191.249.51 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None DK TO-S-2020-0459 Malware Activity 85.192.186.2 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=2,RU) 85.193.125.155 24 KD None 2021-08-03 00:00:00 2021-11-01 00:00:00 None INDICATOR-SCAN SSH brute force login attempt- SSH Scan Report (IP=155,KZ) 85.197.178.49 24 GM None 2021-02-15 00:00:00 2021-05-15 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - Sourcefire (IP=49,SE) 85.202.192.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity 85.202.194.141 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malware Activity 85.202.194.95 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malware Activity 85.202.32.10 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 85.203.15.36 24 RW None 2021-05-20 00:00:00 2021-08-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=36,DE) 85.204.116.0 24 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None RO TO-S-2020-0805 Malware Activity 85.208.210.156 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 85.208.252.0 24 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None IR TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 85.208.87.65 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 85.209.0.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Command and Control Exploit 
85.209.150.56 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 85.209.89.205 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malware Activity 85.209.89.241 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malware Activity 85.214.139.136 24 DT None 2021-01-06 00:00:00 2021-04-06 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=136,DE) 85.214.153.47 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=47,DE) 85.214.170.148 24 DT None 2021-02-21 00:00:00 2021-05-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=148,DE) 85.214.20.215 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=215,DE) 85.214.206.134 32 NAB None 2020-11-09 00:00:00 2021-02-07 00:00:00 None HIVE Case #4283 COLS-NA-TIP-20-0346 (IP=134,DE) 85.214.208.49 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=49,DE) 85.214.213.211 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None DE TO-S-2020-0838 Malicious Email Activity 85.214.224.103 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None DE TO-S-2020-0698 Malicious Email Activity 85.214.224.129 32 wmp None 2020-09-25 00:00:00 2021-10-29 00:00:00 None HIVE Case #3980 COLS-NA-TIP-20-0305 (IP=129,DE) | updated by dbc Block expiration extended with reason DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 85.214.240.19 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=19,DE) 85.214.28.199 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Web Application Activity 85.214.44.193 24 GM None 2020-12-19 00:00:00 2021-03-19 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection 
- Web Attacks (IP=193,DE) 85.214.49.130 24 EE None 2021-03-28 00:00:00 2021-06-26 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=130,DE) 85.214.49.185 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None DE TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 85.214.65.254 24 GM None 2021-03-24 00:00:00 2021-06-24 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=254,DE) 85.214.85.206 32 wmp None 2021-05-28 00:00:00 2021-08-28 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=206,DE) 85.215.86.216 24 RW None 2020-12-27 00:00:00 2021-03-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=216,DE) 85.217.194.34 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 85.222.65.254 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None PL TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 85.234.128.124 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None GB TO-S-2020-0698 Malicious Email Activity 85.235.32.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 85.236.0.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU) 85.236.51.71 24 RR None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=71,DE) 85.238.98.75 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 85.239.32.0 19 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None RU TO-S-2021-1007 Malicious Email Activity 85.246.127.175 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=175,PT) 85.249.84.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 
TO-S-2020-0859 (IP=0,RU) 85.25.177.42 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity 85.25.185.197 24 DT None 2021-08-20 00:00:00 2021-11-18 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=197,FR) 85.25.207.108 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None FR TO-S-2021-0876 Hive Case 4166 Malware Activity 85.25.252.199 24 RB None 2020-10-06 00:00:00 2021-01-04 00:00:00 None Hive Case #4009 (IP=199,FR) 85.31.176.0 21 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 85.33.36.165 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity 85.33.39.225 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity 85.45.77.34 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 85.48.65.54 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None ES Hive Case 4237 TO-S-2021-0910 Malware Activity 85.51.149.32 32 KF None 2019-11-03 00:00:00 2021-04-23 00:00:00 None Immediate Inbound Network Block - TT# 20C00817 (IP=32,US) | updated by dbc Block was inactive. 
Reactivated on 20200423 with reason ES TO-S-2020-0459 Malware Activity 85.57.101.37 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=37,ES) 85.62.96.185 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=185,ES) 85.66.181.138 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None HU TO-S-2021-0876 Hive Case 4166 Malware Activity 85.67.65.6 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None HU TO-S-2020-0298 Malicious Email Activity 85.75.228.83 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 85.75.66.75 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GR TO-S-2020-0303 Malicious Email Activity 85.75.68.201 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GR TO-S-2020-0459 Malware Activity 85.75.68.201 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GR TO-S-2020-0459 Malware Activity 85.8.92.202 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=202,DE) 85.89.188.97 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 85.9.63.132 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None OM TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 85.90.182.120 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None HU TO-S-2020-0298 Malicious Email Activity 85.90.218.94 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None UA TO-S-2020-0298 Malicious Email Activity 85.90.247.110 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malware Activity 85.90.247.155 24 EE None 2021-04-12 00:00:00 2021-07-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire (IP=155,DE) 85.92.68.114 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware 
Activity 85.93.170.140 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CZ TO-S-2020-0303 Malicious Email Activity 85.93.218.204 32 tpr None 2015-03-17 05:00:00 2021-10-29 00:00:00 None corpslocks/TOR (ip=204, LU) | updated by EDBT with reason SERVER-WEBAPP Phpcms user | updated by CR with reason OS-WINDOWS Microsoft Windows RDP MS_T120 channel bind attempt_SourceFire (IP=204,LU) | updated by dbc Block was inactive. Reactivated on 85.93.89.24 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None DE TO-S-2020-0493 Malware Activity 85.95.152.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None RU TO-S-2020-0315 Malware Activity 85.95.191.186 24 KD None 2021-06-16 00:00:00 2021-09-14 00:00:00 None SSH2 Failed Login Attempt - 6hr Failed Logons (IP=186,RU) 85.98.194.140 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=140,TR) 85.99.205.25 24 EE None 2021-04-08 00:00:00 2021-07-07 00:00:00 None SQL injection - Web Attack (IP=25,TR) 86.101.80.12 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None HU TO-S-2020-0298 Malicious Email Activity 86.104.240.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IR TO-S-2020-0331 Malicious Web Application Activity 86.104.32.0 20 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 86.105.152.0 23 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None RO TO-S-2020-0228 Malicious Email Activity 86.105.18.116 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=116,NL) 86.105.187.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RO) 86.106.131.177 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=177,DE) 86.106.20.170 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 86.106.208.0 
20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None MD TO-S-2020-0331 Malicious Web Application Activity 86.108.13.226 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=226,JO) 86.108.60.161 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=161,JO) 86.109.170.198 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 86.110.195.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 86.110.234.50 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None SK TO-S-2020-0331 Malicious Web Application Activity 86.111.0.0 19 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,RU) 86.132.187.125 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None GB TO-S-2020-0535 Malware Activity 86.162.215.168 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GB TO-S-2020-0331 Malicious Web Application Activity 86.182.101.10 24 BMP None 2021-01-07 00:00:00 2021-04-07 00:00:00 None Spoofed IP External Scanning - Hive Case 4722 (IP=10,GB) 86.182.176.28 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity 86.193.209.93 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None FR TO-S-2021-1007 Malware Activity 86.201.33.116 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=116,FR) 86.206.239.107 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 86.206.239.228 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 86.207.207.213 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malicious Email Activity 86.221.7.152 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 86.246.28.41 24 RR None 2021-09-13 00:00:00 
2021-12-12 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=41,FR)
86.254.110.45 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None FR TO-S-2020-0228 Malicious Email Activity
86.5.78.67 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity
86.52.138.46 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None DK TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
86.55.191.186 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None ES TO-S-2020-0750 Malicious Email Activity
86.60.206.150 24 ZH None 2021-08-19 00:00:00 2021-11-17 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=150,FI)
86.61.77.254 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None SI Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
86.62.66.122 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=122,RU)
86.63.127.12 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Email Activity
86.81.185.230 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity
86.94.143.134 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malicious Web Application Activity
86.97.177.181 24 KD None 2021-09-04 00:00:00 2021-12-03 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=181,AE)
87.0.21.130 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity
87.1.2.75 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IT TO-S-2020-0459 Malware Activity
87.1.201.88 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity
87.10.204.24 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity
87.10.3.155 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity
87.101.79.82 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity
87.102.30.193 24 BMP None 2021-02-23 00:00:00 2021-05-24 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - SourceFire (IP=193,GB)
87.106.14.28 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malware Activity
87.106.231.60 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malware Activity
87.106.46.107 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malware Activity
87.11.108.190 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IT TO-S-2020-0459 Malware Activity
87.11.246.45 24 CR None 2021-05-04 00:00:00 2021-08-04 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability_6 hr web attacks (IP=45,IT)
87.116.151.239 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RS Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.117.225.108 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
87.117.239.104 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=104,GB)
87.118.122.51 32 wmp None 2021-05-06 00:00:00 2021-08-06 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=51,DE)
87.120.36.83 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=83,BG)
87.120.36.83 24 RW None 2021-04-29 00:00:00 2021-07-29 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=83,BG)
87.120.88.213 24 WR None 2021-05-25 00:00:00 2021-08-23 00:00:00 None HTTP: ThinkPHP CMS Getshell
87.120.99.204 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.121.20.59 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BG TO-S-2020-0331 Malicious Web Application Activity
87.121.76.0 22 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None BG TO-S-2020-0369 Malicious Email Activity
87.121.76.98 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BG TO-S-2020-0331 Malicious Web Application Activity
87.122.160.118 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Web Application Activity
87.123.113.32 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity
87.123.180.150 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=150,DE)
87.123.206.240 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity
87.13.4.115 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity
87.138.243.203 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity
87.15.130.109 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity
87.15.135.177 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.15.164.87 24 AR None 2021-07-11 00:00:00 2021-10-09 00:00:00 None SSH User Authentication Brute Force Attempt - 6 Hr Failed Logons (IP=87,IT)
87.15.184.101 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.155.227.135 24 RR None 2021-05-01 00:00:00 2021-07-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=135,DE)
87.173.13.7 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity
87.178.89.51 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
87.18.114.12 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.18.209.135 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.183.161.130 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity
87.19.0.241 24 KD None 2021-09-05 00:00:00 2021-12-04 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt- Web Attacks (IP=241,IT)
87.19.73.8 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None IT TO-S-2020-0698 Malicious Email Activity
87.2.240.186 24 RB None 2021-02-13 00:00:00 2021-05-14 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=42,US)
87.20.104.70 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IT TO-S-2020-0459 Malware Activity
87.207.153.228 24 DT None 2020-11-07 00:00:00 2021-02-07 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=228,PL)
87.21.245.125 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.222.134.28 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None ES TO-S-2021-1007 Malware Activity
87.229.73.207 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.230.26.5 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity
87.236.24.0 21 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None RU TO-S-2020-0805 Malicious Web Application Activity
87.238.200.156 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity
87.239.255.25 32 wmp None 2021-06-29 00:00:00 2021-09-29 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=25,IL)
87.241.1.186 24 RR None 2021-05-24 00:00:00 2021-09-04 00:00:00 None SSH2 Failed Login Attempt - Failed Logons (IP=186,IT) | updated by RR Block expiration extended with reason SSH2 Failed Login Attempt - Failed Logons (IP=186,IT)
87.241.216.0 23 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
87.243.119.203 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None BG TO-S-2020-0236 Malicious Email Activity
87.247.136.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BA TO-S-2020-0298 Malicious Email Activity
87.248.19.119 24 EE None 2021-02-11 00:00:00 2021-05-11 00:00:00 None FTP Login Failed - 6 HR Failed Logons (IP=119,NO)
87.248.191.4 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None MD TO-S-2020-0750 Malicious Email Activity
87.249.0.0 19 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU)
87.249.36.26 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None RU TO-S-2020-0236 Malicious Email Activity
87.250.154.130 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malicious Email Activity
87.251.144.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.251.73.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU)
87.251.74.251 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.251.74.4 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.251.75.145 32 wmp None 2021-06-22 00:00:00 2021-09-22 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=145,RU)
87.251.84.0 22 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,RU)
87.26.2.130 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.26.54.218 24 KH None 2021-09-04 00:00:00 2021-12-03 00:00:00 None Drupal Core CVE-2018-7600 Form Rendering Post_render RCE - FE IPS (IP=218,IT)
87.26.58.135 24 BMP None 2021-02-11 00:00:00 2021-05-11 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt (1:56800:1) - SourceFire (IP=135,IT)
87.27.150.175 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity
87.27.155.225 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.27.182.150 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.27.182.169 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity
87.27.82.13 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity
87.4.246.238 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity
87.44.4.192 24 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=192,IE)
87.44.4.234 24 RB None 2021-05-08 00:00:00 2021-08-06 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=234,IE)
87.50.17.105 32 wmp None 2021-05-06 00:00:00 2021-08-06 00:00:00 None Palo Alto Suspicious Scan Activity (IP=105,DK)
87.6.17.48 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity
87.66.58.107 24 KH None 2021-09-05 00:00:00 2021-12-04 00:00:00 None Drupal Core CVE-2018-7600 Form Rendering Post_render RCE - FE IPS (IP=107,BE)
87.69.64.0 18 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
87.7.201.165 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity
87.74.119.235 24 DT None 2021-06-21 00:00:00 2021-09-19 00:00:00 None SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt (1:49967:2) - Source Fire (IP=235,BR)
87.8.254.36 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity
87.9.214.25 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity
87.97.154.245 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BG TO-S-2020-0331 Malicious Web Application Activity
87.98.154.146 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=146,FR)
87.98.231.18 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None FR TO-S-2020-0315 Malicious Email Activity
87.98.239.4 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None PL TO-S-2020-0698 Malware Activity
87.98.252.190 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None FR TO-S-2020-0698 Malicious Email Activity
88.100.39.132 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CZ TO-S-2020-0298 Malicious Email Activity
88.107.185.177 24 BMP None 2020-12-24 00:00:00 2021-03-24 00:00:00 None APT Webshell SUPERNOVA - FireEye CMS (IP=177,GB)
88.119.152.247 24 RR None 2021-06-06 00:00:00 2021-09-04 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=247,LT)
88.119.171.94 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malware Activity
88.119.175.104 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None Unaffiliated TO-S-2020-0698 Malicious Email Activity
88.119.55.78 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None LT TO-S-2020-0298 Malicious Email Activity
88.120.150.18 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
88.120.150.18 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
88.120.214.188 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity
88.129.117.175 24 RB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None INDICATORSCAN SSH brute force login attempt Sourcefire (IP=175,SE)
88.132.222.62 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None HU TO-S-2020-0303 Malicious Email Activity
88.135.112.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
88.135.192.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
88.136.1.127 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
88.137.132.163 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity
88.138.23.192 24 AR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 Hr Failed Logons (IP=192,FR)
88.147.124.210 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IT TO-S-2020-0459 Malware Activity
88.147.124.210 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IT TO-S-2020-0459 Malware Activity
88.147.152.23 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=23,RU)
88.147.174.122 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=122,RU)
88.147.6.142 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None IT TO-S-2020-0535 Malware Activity
88.147.97.192 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT TO-S-2020-0331 Malicious Web Application Activity
88.148.21.248 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ES TO-S-2020-0303 Malicious Email Activity
88.148.21.48 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ES TO-S-2020-0303 Malicious Email Activity
88.148.21.61 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malicious Email Activity
88.15.221.144 24 GM None 2021-01-11 00:00:00 2021-04-11 00:00:00 None SQL use of concat function with select - likely SQL injection - Sourcefire (IP=144,ES)
88.162.248.131 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
88.165.69.16 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
88.166.238.133 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity
88.169.70.236 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None FR TO-S-2020-0303 Malicious Email Activity
88.18.40.108 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ES TO-S-2020-0331 Malicious Web Application Activity
88.187.184.45 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None FR TO-S-2020-0303 Malicious Email Activity
88.198.0.178 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
88.198.150.45 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None DE TO-S-2020-0228 Malicious Web Application Activity
88.198.188.55 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None DE TO-S-2020-0315 Malicious Email Activity
88.198.216.152 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Email Activity
88.198.51.176 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=176,DE)
88.198.69.206 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=206,DE)
88.199.42.14 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
88.200.136.0 23 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None RU TO-S-2021-0876 Hive Case 4166 Malware Activity
88.200.200.128 25 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Command and Control Exploit
88.200.214.0 23 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity
88.200.223.190 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
88.201.62.218 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None BH TO-S-2020-0303 Malicious Email Activity
88.202.179.174 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity
88.202.190.132 24 RT None 2021-06-08 00:00:00 2021-09-06 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire Report (IP=132,UK)
88.206.235.26 24 UA None 2021-07-11 00:00:00 2021-10-09 00:00:00 None Adobe ColdFusion Administrator Access Restriction - 6 Hr Web Attack (IP=443,SE)
88.207.143.240 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None LU TO-S-2020-0459 Malware Activity
88.207.218.36 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
88.207.60.27 24 BMP None 2021-05-25 00:00:00 2021-08-23 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=27,HR)
88.208.252.203 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None GB TO-S-2020-0750 Malicious Email Activity
88.208.252.32 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity
88.208.96.162 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CZ TO-S-2020-0298 Malicious Email Activity
88.212.60.151 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None SK TO-S-2020-0331 Malicious Web Application Activity
88.214.194.53 32 GED None 2020-12-04 00:00:00 2021-03-04 00:00:00 None HIVE Case #NA FP CIO Policy (IP=53,GB)
88.214.207.96 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
88.214.24.55 32 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
88.214.26.55 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
88.217.172.165 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malware Activity
88.218.16.177 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None NL TO-S-2021-1007 Malicious Email Activity
88.218.16.177 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None NL TO-S-2021-1007 Malicious Email Activity
88.218.16.177 32 srm None 2020-12-10 00:00:00 2021-03-10 00:00:00 None HIVE Case #4529 COLS-NA-TIP-20-0404 (IP=177,NL)
88.218.16.203 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None NL TO-S-2021-1007 Malicious Email Activity
88.218.16.241 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malicious Email Activity
88.218.16.57 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
88.218.16.89 32 NAB None 2020-12-09 00:00:00 2021-03-09 00:00:00 None HIVE Case #4509 COLS-NA-TIP-20-0396 (IP=89,NL)
88.218.17.196 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None NL TO-S-2021-1007 Malware Activity
88.219.236.170 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
88.225.209.75 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=75,TR)
88.225.212.202 24 BMP None 2021-02-13 00:00:00 2021-05-13 00:00:00 None HTTP: Apache mod_cgi Bash Environment Variable Code Injection - 6 HR Web Attack (IP=202,TR)
88.227.161.106 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=106,TR)
88.230.45.206 24 RB None 2021-01-20 00:00:00 2021-04-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (IP=206,TR)
88.236.64.218 32 wmp None 2021-04-19 00:00:00 2021-07-19 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=218,TR)
88.237.216.138 24 RW None 2021-05-02 00:00:00 2021-08-02 00:00:00 None HTTP: Grandstream UCM6200 SQL Injection Vulnerability (CVE-2020-5722) - Web attacks (IP=138,TR)
88.241.152.76 24 EE None 2021-04-15 00:00:00 2021-07-14 00:00:00 None Self Report/Malicious requests - TT# 21C01012 (IP=76,TR)
88.241.42.148 24 RR None 2021-06-19 00:00:00 2021-09-17 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - SourceFire (IP=148,TR)
88.241.53.45 24 RB None 2021-07-27 00:00:00 2021-10-27 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - 6hr web attacks (IP=45,TR) | updated by RR Block expiration extended with reason SERVER-WEBAPP Apache Unomi OGNL MVEL2 remote command execution attempt - SourceFire (IP=45,TR)
88.242.18.84 32 wmp None 2021-04-15 00:00:00 2021-07-15 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=84,TR)
88.242.18.84 24 EE None 2021-04-15 00:00:00 2021-07-14 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt (1:30524:5) Sourcefire (IP=84,TR)
88.250.200.163 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=163,TR)
88.34.126.169 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity
88.36.135.138 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=138,IT)
88.44.33.166 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
88.47.188.51 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity
88.5.237.10 32 wmp None 2021-04-16 00:00:00 2021-07-16 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=10,ES)
88.57.72.14 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity
88.58.46.118 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None IT TO-S-2020-0493 Malware Activity
88.59.246.115 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=115,IT)
88.60.106.99 24 KH None 2021-09-04 00:00:00 2021-12-03 00:00:00 None Drupal Core CVE-2018-7600 Form Rendering Post_render RCE - FE IPS (IP=99,IT)
88.61.0.93 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
88.77.165.250 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity
88.80.147.102 24 EE None 2021-09-27 00:00:00 2021-12-26 00:00:00 None HIVE Case #6251 IOC_Stealbit_2.0 (IP=102,BG)
88.80.148.137 24 RB None 2020-11-25 00:00:00 2021-02-25 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=137,BG)
88.80.148.38 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BG TO-S-2020-0298 Malicious Web Application Activity
88.80.63.99 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity
88.81.237.146 24 RR None 2021-03-23 00:00:00 2021-06-21 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) -SourceFire (IP=146,UK)
88.83.53.165 24 GM None 2020-10-08 00:00:00 2021-01-08 00:00:00 None Generic URI Injection wget Attempt - FE CMS/IPS alerts (IP=165,SE)
88.85.176.162 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=162,RU)
88.85.66.229 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None NL TO-S-2020-0315 Malware Activity
88.95.11.181 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NO TO-S-2020-0459 Malware Activity
88.99.10.235 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None GB HIVE Case #3744 TO-S-2020-0772 Malicious Activity
88.99.10.236 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None GB HIVE Case #3744 TO-S-2020-0772 Malicious Activity
88.99.138.91 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity
88.99.167.222 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
88.99.167.77 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
88.99.167.77 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
88.99.177.103 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity
88.99.189.122 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=122,DE)
88.99.212.84 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None DE TO-S-2020-0826 Hive Case 3950 Malicious Email Activity
88.99.28.229 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity
88.99.32.193 24 RR None 2021-03-08 00:00:00 2021-06-06 00:00:00 None OS-MOBILE Android WhatsApp malformed GIF double-free remote code execution attempt - SourceFire (IP=193,DE)
88.99.65.110 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=110,DE)
88.99.85.94 32 NAB None 2021-05-13 00:00:00 2021-11-13 00:00:00 None HIVE Case #NA FP Security (IP=94,DE)
8802714977.adollarchange.com --- TLM None 2021-06-15 00:00:00 2021-09-13 00:00:00 2023-01-19 22:57:32 HIVE Case #5605 TO-S-2021-1338
89.1.79.178 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=178,DE)
89.102.200.56 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CZ TO-S-2020-0303 Malicious Email Activity
89.102.22.214 24 CR None 2021-05-12 00:00:00 2021-08-10 00:00:00 None SQL injection - Web Attacks (IP=214,CZ)
89.104.64.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
89.105.192.110 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity
89.105.210.194 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None NL TO-S-2020-0303 Malicious Service Distruption Activity
89.106.124.144 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None BG TO-S-2020-0298 Malicious Email Activity
89.107.184.76 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malicious Email Activity
89.107.228.52 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
89.109.254.178 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=178,RU)
89.110.53.179 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity
89.111.132.0 23 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=0,RU)
89.115.102.167 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None PT TO-S-2020-0459 Malware Activity
89.115.102.167 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None PT TO-S-2020-0459 Malware Activity
89.115.196.173 24 SW None 2021-06-09 00:00:00 2021-09-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks(IP=173, PT)
89.120.94.54 24 CR None 2021-06-29 00:00:00 2021-09-27 00:00:00 None ESM High Attacker Suspicious Scan Activity (IP=54,RO)
89.133.26.67 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
89.135.133.170 24 DT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Source Fire (IP=170,HU)
89.141.244.174 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ES TO-S-2020-0331 Malicious Web Application Activity
89.148.143.202 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity
89.148.143.252 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity
89.154.165.167 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
89.154.205.86 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PT TO-S-2020-0303 Malicious Email Activity
89.161.75.242 32 FT None 2020-10-08 00:00:00 2021-01-06 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=242,PL)
89.162.11.76 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NO TO-S-2020-0298 Malicious Email Activity
89.163.132.133 24 RR None 2021-05-24 00:00:00 2021-08-22 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - SourceFire (IP=133,DE)
89.163.140.58 24 KH None 2021-08-03 00:00:00 2021-11-01 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=58,DE)
89.163.142.217 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None DE TO-S-2021-0876 Hive Case 4166 Malware Activity
89.163.146.103 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=103,DE)
89.163.154.91 24 RB None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - 6hr web attacks (IP=91,DE)
89.163.212.109 32 FT None 2021-01-02 00:00:00 2021-04-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web attacks (IP=109,DE)
89.163.212.109 32 FT None 2021-01-02 00:00:00 2021-04-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web attacks (IP=109,DE)
89.163.227.150 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity
89.163.237.217 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None DE TO-S-2020-0228 Malicious Email Activity
89.163.239.216 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malware Activity
89.163.249.192 24 KH None 2021-07-07 00:00:00 2021-10-05 00:00:00 None SQL injection - 6 hr web attacks (IP=192,DE)
89.163.252.230 24 RB None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - 6hr web attacks (IP=230,DE)
89.163.255.45 24 RR None 2021-02-08 00:00:00 2021-05-09 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=45,DE)
89.163.255.45 24 BMP None 2021-02-08 00:00:00 2021-05-09 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=45,DE)
89.174.14.245 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity
89.174.167.150 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
89.186.77.189 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity
89.186.91.200 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IT TO-S-2021-0876 Hive Case 4166 Malware Activity
89.187.172.242 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity
89.187.178.171 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None US TO-S-2020-0331 Malware Activity
89.187.180.239 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None US TO-S-2020-0592 Malware Activity
89.187.185.165 32 BMP None 2020-11-17 00:00:00 2021-02-17 00:00:00 None SERVER-WEBAPP Cisco ASA directory traversal attempt - 6hr Web Attacks (IP=165,US)
89.187.222.129 32 BMP None 2021-04-21 00:00:00 2021-07-20 00:00:00 None IP block request / self report - TT# 21C01042 IP=129,LB
89.19.17.186 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None TR TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
89.190.156.33 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None ArcSight ESM High Attacker (IP=33,NL)
89.190.232.45 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity
89.191.224.0 21 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity
89.203.250.101 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CZ Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
89.207.13.38 24 RB None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=38,TR)
89.210.246.108 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GR TO-S-2020-0298 Malicious Email Activity
89.210.27.2 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GR TO-S-2020-0331 Malicious Web Application Activity
89.211.218.8 24 EE None 2021-04-20 00:00:00 2021-07-19 00:00:00 None rConfig SQL Injection Vulnerability - Web Attack (IP=8,QA)
89.211.237.161 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None QA TO-S-2020-0493 Malware Activity
89.212.9.88 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=88,SI)
89.218.73.74 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None KZ TO-S-2020-0298 Malicious Email Activity
89.219.22.0 24 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None KZ TO-S-2020-0750 Malicious Email Activity
89.22.110.18 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None DE TO-S-2020-0750 Malicious Email Activity
89.221.208.0 20 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None CZ TO-S-2020-0535 Malware Activity
89.223.125.0 24 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None RU TO-S-2020-0805 Malicious Web Application Activity
89.223.27.56 24 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web attacks (IP=56,RU)
89.223.27.56 24 RW None 2021-04-19 00:00:00 2021-07-19 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=56,RU)
89.234.157.254 32 tpr None 2015-03-17 05:00:00 2021-06-10 00:00:00 None corpslocks/TOR (ip=254, FR) | updated by jky with reason FR TO-S-2017-0361 Foreign CNE actors | updated by RW Block was inactive. Reactivated on 20210310 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00663 (IP=254
89.236.112.100 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00664 (IP=100,FL)
89.237.192.247 24 EE None 2021-01-13 00:00:00 2021-04-13 00:00:00 None FTP Login Failed - 6 HR Failed Logon (IP=247,KG)
89.238.138.244 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity
89.238.167.46 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity
89.238.178.206 24 EE None 2021-01-09 00:00:00 2021-04-09 00:00:00 None SERVER-WEBAPP Mantis Bug Tracker password reset attempt (1:43693:2) - SourceFire (IP=206,ES)
89.238.178.35 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None ES TO-S-2020-0298 Malicious Email Activity
89.238.186.246 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None CZ TO-S-2020-0601 Malicious Email Activity
89.238.186.91 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None CZ TO-S-2020-0601 Malicious Email Activity
89.238.188.98 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity
89.238.191.198 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None GB TO-S-2021-1007 Malware Activity
89.238.207.5 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None Unaffiliated TO-S-2020-0535 Malicious Email Activity
89.239.25.66 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CZ TO-S-2020-0331 Malicious Web Application Activity
89.241.251.30 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GB TO-S-2020-0331 Malicious Web Application Activity
89.242.11.86 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
89.242.254.139 24 RR None 2021-04-26 00:00:00 2021-07-25 00:00:00 None FTP Login Failed - Web Attacks (IP=139,GB)
89.242.4.72 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity
89.243.13.176 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GB TO-S-2020-0331 Malicious Web Application Activity
89.248.165.13 24 DT None 2021-03-25 00:00:00 2021-06-23 00:00:00 None TCP: SYN Host Sweep (IP=13,SC)
89.248.165.163 32 wmp None 2021-03-09 00:00:00 2021-06-09 00:00:00 None ArcSight ESM High Attacker (IP=163,GB)
89.248.165.7 32 wmp None 2021-02-09 00:00:00 2021-05-09 00:00:00 None Imperva Suspicious Scan Activity (IP=7,NL)
89.248.167.131 24 BMP None 2021-08-07 00:00:00 2021-11-05 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=131,NL)
89.248.170.31 24 RR None 2021-01-19 00:00:00 2021-04-19 00:00:00 None SERVER-WEBAPP Axis Communications IP camera SSI command injection attempt Web Attacks (IP=31,NL)
89.248.172.123 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None NL HIVE Case #3744 TO-S-2020-0772 Malicious Activity
89.248.172.16 32 tpr None 2014-02-03 06:00:00 2021-08-09 00:00:00 None DNS probes, any searches, DOS 774 | updated by GLM with reason PROTOCOL-DNS named version attempt (IP=16,SC) | updated by FT Block was inactive. Reactivated on 20200920 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution | updated by
89.248.172.16 32 FT None 2020-09-20 00:00:00 2021-08-09 00:00:00 None DNS probes, any searches, DOS 774 | updated by GLM with reason PROTOCOL-DNS named version attempt (IP=16,SC) | updated by FT Block was inactive. Reactivated on 20200920 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution | updated by
89.248.172.16 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None DNS probes, any searches, DOS 774 | updated by GLM with reason PROTOCOL-DNS named version attempt (IP=16,SC) | updated by FT Block was inactive. Reactivated on 20200920 with reason HTTP: Microsoft Windows HTTP.sys Remote Code Execution | updated by
89.248.172.16 24 ZH None 2021-06-01 00:00:00 2021-08-30 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Report (IP=16,NL)
89.248.172.85 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None NL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
89.248.172.90 24 RB None 2021-06-12 00:00:00 2021-09-10 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode - Sourcefire (IP=90,NL)
89.248.172.90 24 RB None 2021-06-12 00:00:00 2021-09-10 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode - Sourcefire (IP=90,NL) FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode - Sourcefire (IP=90,NL)
89.248.172.90 24 RB None 2021-06-12 00:00:00 2021-09-10 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode - Sourcefire (IP=90,NL)
89.248.250.44 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CZ TO-S-2021-0876 Hive Case 4166 Malware Activity
89.248.61.200 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None GB TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
89.248.96.102 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
89.25.212.160 32 BMP None 2021-08-08 00:00:00 2021-11-06 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=44,PL)
89.252.131.237 32 RB None 2021-02-05 00:00:00 2021-05-05 00:00:00 None FireEye IPS Nuclei Vulnerability Scanner (IP=237,TR)
89.252.160.34 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None TR TO-S-2020-0369 Malicious Email Activity
89.252.184.2 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=2,TR)
89.253.237.169 24 DT None 2021-04-04 00:00:00 2021-07-03 00:00:00 None HTTP: PHPUnit Remote Code
Execution Vulnerability (CVE-2017-9841)- 6hr Web Attacks (IP=169,RU) 89.255.62.105 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None NL Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 89.27.175.195 24 RB None 2021-04-07 00:00:00 2021-07-06 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=195,BR) 89.28.48.88 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None MD TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 89.29.221.111 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity 89.29.221.111 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity 89.3.215.27 24 DT None 2021-01-28 00:00:00 2021-04-28 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=27,CN) 89.30.96.190 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Web Attacks (IP=190,FR) 89.31.57.5 32 tpr None 2015-03-17 05:00:00 2021-06-07 00:00:00 None corpslocks/TOR (ip=5, IT) | updated by jky with reason TO-S-2017-0381 GRIZZLY STEPPE indicators from JAR 16-20296A | updated by GM Block was inactive. 
Reactivated on 20210309 with reason HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - 89.31.76.40 32 wmp None 2020-09-22 00:00:00 2021-11-03 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=40,IT) | updated by dbc Block expiration extended with reason IT Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 89.34.111.11 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=11,DE) 89.34.24.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RO TO-S-2020-0331 Malware Activity 89.39.107.199 32 wmp None 2021-01-19 00:00:00 2021-04-19 00:00:00 None Suspicious Scan Activity (IP=199,NL) 89.39.246.25 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=25,RO) 89.39.3.12 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=12,RO) 89.39.83.123 24 GM None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=123,RO) 89.40.10.127 24 BB None 2021-06-15 00:00:00 2021-09-12 00:00:00 None Possible Cross-site Scripting Attack - FE IPS (IP=127,LT) 89.43.66.170 24 RR None 2021-09-17 00:00:00 2021-12-20 00:00:00 None Attempted Access - Inbound Brute Force - TT# 21C01880 (IP=170,TR) 89.44.9.43 24 WR None 2021-06-23 00:00:00 2021-09-21 00:00:00 None FOX-SRT - IOC - XServer/Agent - Possible XServer Start SOCKS5 Proxy mode (ProxyTransmit) (1:21002457:1) - Sourcefire Report (IP=43,FR) 89.45.46.116 32 wmp None 2021-04-12 00:00:00 2021-07-12 00:00:00 None McAfee IDS Suspicious Scan Activity (IP=116,NO) 89.45.46.116 24 RW None 2021-04-11 00:00:00 2021-07-11 00:00:00 None PROTOCOL-DNS DNS query amplification attempt - Sourcefire (IP=116,NR) 89.47.167.147 24 AR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SQL injection - 6HR Web Attack (IP=147,LT) 89.56.176.183 24 RR None 2020-12-23 00:00:00 2021-04-04 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin 
Authentication Bypass Vulnerability - Web Attacks (IP=183,DE) | updated by RW Block expiration extended with reason HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks ( 89.67.133.55 32 srm None 2021-04-27 00:00:00 2021-07-26 00:00:00 None Firepower Suspicious Scan Activity (IP=55,PL) 89.68.68.249 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PL TO-S-2020-0298 Malicious Email Activity 89.97.171.162 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=162,IT) 8oggle.com --- TLM None 2021-06-15 00:00:00 2021-09-13 00:00:00 2023-01-19 22:57:26 HIVE Case #5605 TO-S-2021-1338 9.85.145.153 32 dbc None 2020-06-10 00:00:00 2021-06-10 00:00:00 None Unaffiliated TO-S-2020-0601 Malicious Email Activity 90.100.54.121 24 CR None 2021-05-04 00:00:00 2021-08-04 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt_Sourcefire (IP=121,FR) 90.101.155.86 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 90.119.163.50 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 90.150.90.231 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=231,RU) 90.154.70.0 23 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity 90.157.164.175 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=175,SI) 90.158.18.141 24 RR None 2021-06-07 00:00:00 2021-09-05 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=141,TR) 90.160.63.10 24 RR None 2021-02-27 00:00:00 2021-05-28 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Web Attacks (IP=10,ES) 90.178.144.225 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CZ Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 90.178.251.192 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CZ 
TO-S-2020-0331 Malicious Web Application Activity 90.186.122.81 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=81,DE) 90.204.79.152 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity 90.213.192.224 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 90.219.146.225 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity 90.220.196.169 24 EE None 2021-02-07 00:00:00 2021-05-07 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=169,GB) 90.221.64.141 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity 90.222.105.91 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GB TO-S-2020-0331 Malicious Web Application Activity 90.232.186.45 24 GM None 2021-02-19 00:00:00 2021-05-19 00:00:00 None SERVER-WEBAPP Ruby on Rails render file directory traversal attempt - Web Attacks (IP=45,SE) 90.35.14.194 24 DT None 2020-11-07 00:00:00 2021-02-07 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=194,FR) 90.45.88.174 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 90.46.193.223 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 90.50.188.152 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None FR TO-S-2020-0303 Malicious Email Activity 90.51.111.223 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malicious Email Activity 90.55.153.236 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 90.56.197.116 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malicious Email Activity 90.63.143.92 24 RT None 2021-09-14 00:00:00 2021-12-13 00:00:00 
None SERVER-WEBAPP Drupal 8 remote code execution attempt - 6HR WebAttack (IP=92,FR) 90.77.251.4 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ES TO-S-2020-0331 Malicious Web Application Activity 90.84.184.72 24 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - Web Attacks (IP=72,FR) 90.92.34.32 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 91.100.103.207 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DK TO-S-2020-0331 Malicious Web Application Activity 91.102.165.66 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=66,TR) 91.103.219.220 32 wmp None 2020-09-03 00:00:00 2021-11-03 00:00:00 None HIVE Case #3770 TO-S-2020-0779 COLS-NA-TIP-20-0280 (IP=220,GB) | updated by dbc Block expiration extended with reason GB Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 91.103.219.222 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 91.103.77.202 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=202,RU) 91.105.184.133 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity 91.106.193.120 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None SE TO-S-2020-0298 Malicious Email Activity 91.109.176.3 24 RR None 2021-07-02 00:00:00 2021-09-30 00:00:00 None SERVER-WEBAPP JBoss web console access attempt - SourceFire (IP=3,FR) 91.109.178.4 24 FT None 2021-03-01 00:00:00 2021-06-27 00:00:00 None SQL HTTP URI blind injection attempt - 6hr web attacks (IP=4,FR) | updated by RB Block expiration extended with reason HTTP: Blind SQL Injection - Timing (IP=4,FR) 91.109.182.10 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-OTHER OpenSSL TLSv1.1 heartbeat read overrun attempt -SourceFire (IP=10,FR) 91.109.184.6 24 EE None 2021-04-15 
00:00:00 2021-07-14 00:00:00 None Self Report/URL string manipulation - TT# 21C01013 (IP=6,FR) 91.109.186.8 32 wmp None 2021-03-01 00:00:00 2021-06-01 00:00:00 None FireEye IPS Bash Remote Code Injection (IP=8,FR) 91.109.186.8 24 RR None 2021-03-02 00:00:00 2021-05-31 00:00:00 None SQL injection - Web Attacks (IP=8,FR) 91.109.188.8 24 RR None 2021-03-29 00:00:00 2021-06-27 00:00:00 None SERVER-WEBAPP JBoss web console access attempt -SourceFire (IP=8,FR) 91.109.190.6 24 EE None 2021-03-15 00:00:00 2021-06-13 00:00:00 None SQL injection - Web Attack (IP=6,FR) 91.109.197.189 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity 91.109.199.116 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity 91.109.200.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 91.114.246.132 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None AT TO-S-2020-0331 Malicious Web Application Activity 91.116.138.211 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=211,ES) 91.118.154.109 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None AT Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 91.121.108.75 24 BMP None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=75,FR) 91.121.109.19 24 RW None 2021-04-02 00:00:00 2021-07-02 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - Sourcefire (IP=19,FR) 91.121.80.78 24 BMP None 2021-05-29 00:00:00 2021-08-27 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr Web Attacks (IP=78,FR) 91.121.94.121 32 CW None 2019-09-06 00:00:00 2021-02-05 00:00:00 None Unauthorized Access Attempt-TT# 19C03141 (IP=21,FR) | updated by GM with reason TO-S-2020-0202//Sharkseer 19-2527 - 20C01163 (IP=121,US) | updated by dbc Block was inactive. 
Reactivated on 20200205 with reason FR TO-S-2020-0202 Sharkseer 19-2527 Malici 91.122.52.0 24 GL None 2020-09-11 00:00:00 2021-12-10 00:00:00 None HIVE Case #3859 CTR-20-1145 (IP=63,RU) 91.124.126.133 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=133,UA) 91.124.163.26 32 srm None 2021-03-31 00:00:00 2021-06-29 00:00:00 None Firepower Suspicious Scan Activity (IP=26,UA) 91.124.26.96 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity 91.126.192.185 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ES TO-S-2020-0303 Malicious Email Activity 91.126.237.160 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None ES TO-S-2020-0493 Malware Activity 91.126.66.76 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=76,ES) 91.132.137.228 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None SQL injection - 6hr web attacks (IP=228,US) 91.132.197.14 32 srm None 2021-05-05 00:00:00 2021-08-03 00:00:00 None Firepower Suspicious Scan Activity (IP=14,RU) 91.132.58.29 32 wmp None 2021-05-27 00:00:00 2021-08-27 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=29,AU) 91.132.58.66 32 wmp None 2021-06-14 00:00:00 2021-09-14 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=66,AU) 91.132.58.74 32 wmp None 2021-06-29 00:00:00 2021-09-29 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=74,AU) 91.135.106.0 23 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IL TO-S-2020-0303 Malicious Email Activity 91.136.144.39 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity 91.138.194.156 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GR TO-S-2020-0459 Malware Activity 91.140.115.193 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GR TO-S-2020-0331 Malicious Web Application Activity 91.140.24.207 32 dbc None 2020-03-04 
00:00:00 2021-03-04 00:00:00 None GR TO-S-2020-0331 Malicious Web Application Activity 91.142.215.86 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None ES TO-S-2020-0459 Malware Activity 91.142.220.126 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None ES TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 91.142.220.126 32 NAB None 2020-11-12 00:00:00 2021-02-10 00:00:00 None HIVE Case #4301 COLS-NA-TIP-20-3049 (IP=126,ES) 91.144.249.132 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DK Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 91.145.237.255 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=255,UA) 91.147.207.18 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None HU TO-S-2020-0331 Malicious Web Application Activity 91.148.141.35 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=35,BG) 91.148.177.146 24 WR None 2021-06-27 00:00:00 2021-09-25 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - SourceFire (IP=146,BG) 91.149.225.131 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00626 (IP=131,NO) 91.151.159.178 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity 91.163.206.48 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity 91.166.234.114 24 DT None 2021-04-24 00:00:00 2021-07-24 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr web attacks (IP=114,FR) 91.177.110.6 24 KH None 2021-09-05 00:00:00 2021-12-04 00:00:00 None Drupal Core CVE-2018-7600 Form Rendering Post_render RCE - FE IPS (IP=6,BE) 91.183.215.239 24 KH None 2021-09-05 00:00:00 2021-12-04 00:00:00 None Drupal Core CVE-2018-7600 Form Rendering Post_render RCE - FE IPS (IP=239,BE) 91.184.33.180 32 dbc None 2020-08-24 00:00:00 2021-08-24 
00:00:00 None DE TO-S-2020-0750 Malicious Email Activity 91.185.50.81 24 BMP None 2020-12-22 00:00:00 2021-03-22 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=81,RU) 91.187.102.114 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None AL TO-S-2020-0298 Malicious Email Activity 91.187.102.28 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RS TO-S-2020-0303 Malicious Email Activity 91.187.80.0 22 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None AD TO-S-2020-0315 Malicious Email Activity 91.188.105.18 32 srm None 2021-04-26 00:00:00 2021-07-25 00:00:00 None Firepower Suspicious Scan Activity (IP=18,PL) 91.188.158.74 24 GM None 2020-11-05 00:00:00 2021-02-05 00:00:00 None FTP Login Failed - Failed Logons (IP=74,UZ) 91.188.246.151 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 91.190.232.0 21 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None RU TO-S-2020-0838 Malware Activity 91.191.209.26 32 wmp None 2021-06-02 00:00:00 2021-09-02 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=26,BG) 91.192.100.61 24 RW None 2021-05-08 00:00:00 2021-08-08 00:00:00 None SSH User Authentication Brute Force Attempt - 6 hr failed logons (IP=61,CH) 91.192.103.10 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00648 (IP=10,CH) 91.192.103.11 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00605 (IP=11,CH) 91.192.103.16 32 DT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00683 (IP=16,CH) 91.192.103.34 32 RR None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00603 (IP=34,CH) 91.192.192.157 32 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 91.192.244.0 22 
dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 91.192.43.151 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 91.192.43.153 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 91.193.129.209 24 RW None 2021-09-30 00:00:00 2021-12-29 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=209,UA) 91.193.240.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 91.193.4.28 24 DT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SQL injection - Web Attacks (IP=28,CH) 91.193.75.0 24 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None RU TO-S-2020-0805 Malicious Web Application Activity 91.194.2.0 23 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None RU TO-S-2020-0592 Malicious Email Activity 91.194.50.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 91.194.90.183 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=183,DE) 91.194.90.183 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=183,DE) 91.194.90.183 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=183,DE) 91.195.240.13 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None DE TO-S-2020-0698 Malicious Email Activity 91.195.254.0 23 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None AM Hive Case 4237 TO-S-2021-0910 Malware Activity 91.195.98.0 23 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RO TO-S-2020-0303 Malicious Email Activity 91.196.222.82 32 KD None 2021-08-28 00:00:00 2021-11-26 00:00:00 None PROTOCOL-DNS DNS query 
amplification attempt (1:28556:3) - Sourcefire (IP=82,US) 91.197.228.236 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None GB TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 91.197.76.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 91.198.137.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=0,DE) 91.199.118.136 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 91.199.118.137 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 91.199.194.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 91.199.197.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity 91.199.3.217 32 BMP None 2021-01-26 00:00:00 2021-04-26 00:00:00 None SQL injection - 6hr Web Attacks (IP=217,US) 91.200.102.213 32 dbc None 2020-09-17 00:00:00 2021-09-17 00:00:00 None DE TO-S-2020-0805 Malware Activity 91.200.112.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity 91.200.223.114 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=114,UA) 91.200.40.0 24 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None UA TO-S-2020-0750 Malicious Email Activity 91.200.52.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 91.202.14.176 24 KD None 2021-06-08 00:00:00 2021-09-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2)- Web Attacks (IP=176,RU) 91.202.14.176 24 KD None 2021-06-08 00:00:00 2021-09-07 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability- Web Attacks (IP=176,RU) 91.203.196.0 22 dbc 
None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 91.203.68.0 22 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None LV TO-S-2020-0419 Malware Activity 91.204.12.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None UA Hive Case 4237 TO-S-2021-0910 Malware Activity 91.204.14.122 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 91.205.173.252 24 RR None 2021-05-30 00:00:00 2021-08-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=252,DE) 91.205.173.252 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=252,DE) 91.206.15.85 32 nab None 2021-01-06 00:00:00 2021-04-06 00:00:00 None HIVE Case #NA Web Server Port scanning (IP=85,RU) 91.207.158.118 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None NO TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 91.207.174.66 24 RW None 2021-02-02 00:00:00 2021-05-02 00:00:00 None SERVER-WEBAPP JBoss admin-console access - 6hr web attacks (IP=66,JP) 91.207.175.100 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 91.207.175.154 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 91.207.185.120 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Email Activity 91.207.185.93 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 91.207.249.7 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 91.208.180.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None CH TO-S-2020-0322 Malware Activity 91.208.4.0 24 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None 
SA TO-S-2020-0535 Malware Activity 91.208.99.2 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity 91.209.54.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None UA TO-S-2020-0298 Malicious Email Activity 91.209.6.111 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 91.210.168.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malware Activity 91.211.178.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 91.211.212.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,UA) 91.211.44.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 91.211.88.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None GB TO-S-2021-0876 Hive Case 4166 Malware Activity 91.211.91.92 24 RW None 2021-06-24 00:00:00 2021-09-24 00:00:00 None Callback IP identified in MAS - Hive Case 5551 (IP=92,UA) 91.212.59.21 24 BMP None 2021-03-30 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=21,RO) 91.213.59.0 24 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338 91.214.111.28 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malicious Email Activity 91.215.120.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 91.215.56.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 91.215.79.23 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=23,RU) 91.216.107.112 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 
(IP=112,FR)
91.216.107.151 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
91.216.107.155 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None FR TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
91.216.107.155 32 NAB None 2020-11-12 00:00:00 2021-02-10 00:00:00 None HIVE Case #4299 COLS-NA-TIP-20-0348 (IP=155,FR)
91.216.248.22 32 wmp None 2020-06-19 00:00:00 2021-08-24 00:00:00 None HIVE Case #3038 CTO-20-168 (IP=22,DE) | updated by dbc Block expiration extended with reason DE TO-S-2020-0750 Malicious Email Activity
91.216.91.119 32 dbc None 2020-09-23 00:00:00 2021-09-23 00:00:00 None TR TO-S-2020-0826 Hive Case 3950 Malicious Service Disruption Activity
91.217.104.185 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=185,PL)
91.217.179.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity
91.217.62.0 23 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity
91.218.12.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity
91.218.203.59 32 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00664 (IP=59,PL)
91.218.208.252 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
91.218.228.0 22 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None RU TO-S-2020-0535 Malware Activity
91.218.247.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
91.219.168.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None UA TO-S-2020-0331 Malicious Web Application Activity
91.219.168.0 22 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None GB TO-S-2021-0876 Hive Case 4166 Malware Activity
91.219.188.0 22 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None RU TO-S-2020-0750 Malicious Email Activity
91.219.209.139 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=139,PL)
91.219.212.206 32 GM None 2021-02-20 00:00:00 2021-05-21 00:00:00 None SERVER-WEBAPP Ruby on Rails render file directory traversal attempt - Sourcefire (IP=206,US)
91.219.237.36 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None Unaffiliated TO-S-2020-0698 Malicious Email Activity
91.219.239.41 24 RB None 2021-05-15 00:00:00 2021-08-13 00:00:00 None SQL injection - 6hr web attacks (IP=41,HU)
91.220.203.197 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=197,US)
91.220.203.86 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=86,US)
91.221.176.0 23 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity
91.221.200.0 23 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,RU)
91.221.56.0 23 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity
91.222.236.0 22 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity
91.222.251.229 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=229,UA)
91.222.76.0 22 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None GB TO-S-2021-0876 Hive Case 4166 Malware Activity
91.223.3.29 24 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - SourceFire (IP=29,DE)
91.223.3.82 32 wmp None 2021-04-26 00:00:00 2021-07-26 00:00:00 None McAfee IDS Report Suspicious Scan Activity (IP=82,DE)
91.224.152.230 24 FT None 2021-03-14 00:00:00 2021-06-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=230,GB)
91.224.182.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
91.224.22.153 32 dbc None 2020-05-13 00:00:00 2021-05-13 00:00:00 None Unaffiliated TO-S-2020-0503 Malicious Email Activity
91.224.234.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
91.224.76.0 23 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
91.225.22.45 24 WR None 2021-06-26 00:00:00 2021-09-24 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - 6HR Web Attack (IP=45,RU)
91.226.128.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity
91.226.172.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity
91.227.190.0 23 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity
91.227.44.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
91.227.6.50 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=50,TR)
91.227.69.108 24 RB None 2021-04-10 00:00:00 2021-08-22 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=108,UA) | updated by BMP Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=108,UA) | up
91.228.139.2 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Email Activity
91.228.218.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Reconnaissance Activity
91.229.112.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU)
91.229.196.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
91.229.252.0 22 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None CZ TO-S-2020-0535 Malicious Email Activity
91.230.192.113 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None BG TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
91.230.195.25 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None BG TO-S-2020-0535 Malicious Email Activity
91.231.140.161 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=161,PL)
91.231.43.217 24 RB None 2021-02-26 00:00:00 2021-05-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6hr Failed Logons (IP=217,UA)
91.232.30.254 24 EE None 2020-12-11 00:00:00 2021-03-11 00:00:00 None POLICY-OTHER Adobe ColdFusion admin interface access attempt - 6 Hr Web Attacks (IP=254,UP)
91.233.164.0 22 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None RU TO-S-2020-0303 Malicious Email Activity
91.233.187.202 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Email Activity
91.233.239.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malware Activity
91.234.164.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
91.234.194.177 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None FR TO-S-2020-0228 Malicious Email Activity
91.234.194.88 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
91.234.46.0 24 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None HR TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
91.234.46.205 32 wmp None 2020-09-15 00:00:00 2021-10-21 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=205,HR) | updated by dbc Block expiration extended with reason HR TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
91.234.46.213 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None HR TO-S-2020-0750 Malicious Email Activity
91.234.60.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU)
91.235.128.0 23 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None GB TO-S-2020-0315 Malicious Web Application Activity
91.235.145.226 24 BMP None 2021-01-19 00:00:00 2021-04-19 00:00:00 None FTP Login Failed - 6hr Failed Logons (IP=226,RU)
91.236.114.0 24 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity
91.236.177.162 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None HIVE Case #Firepower Firepower (IP=162,RU)
91.237.161.153 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PL TO-S-2020-0298 Malicious Email Activity
91.237.71.0 24 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=0,PL)
91.237.88.232 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=232,DE)
91.238.200.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malware Activity
91.238.24.0 22 TLM None 2021-06-10 00:00:00 2021-12-10 00:00:00 None HIVE CASE #5606 TO-S-2021-1338
91.239.130.30 32 wmp None 2021-04-16 00:00:00 2021-07-16 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=30,DE)
91.239.206.0 23 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
91.239.234.18 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
91.239.235.0 24 dbc None 2020-04-08 00:00:00 2021-04-08 00:00:00 None GB TO-S-2020-0419 Malicious Email Activity
91.239.248.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None PL TO-S-2020-0331 Malicious Web Application Activity
91.240.124.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
91.240.18.0 24 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CH TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
91.240.216.42 32 wmp None 2020-09-15 00:00:00 2021-10-21 00:00:00 None HIVE Case #3853 TO-S-2020-0804 COLS-NA-TIP-20-0291 (IP=42,SI) | updated by dbc Block expiration extended with reason SI TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
91.241.150.95 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity
91.241.19.0 24 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None RU TO-S-2020-0322 Malware Activity
91.241.19.187 32 wmp None 2021-05-21 00:00:00 2021-08-21 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=187,RU)
91.242.83.219 24 WR None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Sourcefire Report (IP=219,MD)
91.243.117.224 24 EE None 2021-03-19 00:00:00 2021-06-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attack (IP=224,RU)
91.243.229.170 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
91.243.89.174 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity
91.244.72.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
91.245.227.152 24 RB None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Sourcefire (IP=152,RU)
91.52.99.131 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
91.58.133.108 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=108,DE)
91.65.139.131 24 BB None 2021-09-26 00:00:00 2021-12-25 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=131,DE)
91.72.192.0 19 TLM None 2021-06-17 00:00:00 2021-12-17 00:00:00 None HIVE Case #5644 TO-S-2021-1352 (IP=0,AE)
91.73.160.0 19 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None AE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
91.76.149.239 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity
91.76.15.222 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None RU TO-S-2020-0535 Malware Activity
91.77.15.10 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
91.80.132.45 24 GM None 2020-11-28 00:00:00 2021-02-28 00:00:00 None Generic URI Injection wget Attempt - FireEye CMS (IP=45,IT)
91.82.232.249 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
91.83.84.99 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None HU TO-S-2020-0303 Malicious Email Activity
91.88.83.76 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
91.90.224.179 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
91.92.109.70 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None BG Hive Case 4237 TO-S-2021-0910 Malware Activity
91.92.111.101 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None BG TO-S-2020-0228 Malicious Email Activity
91.92.114.0 24 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP
91.92.121.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IR TO-S-2020-0331 Malware Activity
91.92.132.0 22 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,IR)
91.92.144.67 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=67,BG)
91.92.204.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IR TO-S-2020-0298 Malicious Email Activity
91.92.64.0 22 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None BG TO-S-2020-0535 Malware Activity
91.92.81.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None BG TO-S-2020-0331 Malicious Web Application Activity
91.92.85.71 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
91.93.66.222 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
92.108.72.109 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity
92.11.248.165 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GB TO-S-2020-0331 Malicious Web Application Activity
92.118.160.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None LT TO-S-2020-0298 Malicious Email Activity
92.118.160.0 24 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None LT TO-S-2020-0298 Malicious Email Activity
92.118.160.13 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=13,LT)
92.118.160.17 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=17,LT)
92.118.160.25 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=25,LT)
92.118.160.29 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=29,LT)
92.118.160.33 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=33,LT)
92.118.160.37 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=37,LT)
92.118.160.41 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=41,LT)
92.118.160.5 24 CR None 2021-05-11 00:00:00 2021-08-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=5,LT) | updated by BMP Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=5,LT)
92.118.160.5 24 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=5,LT) | updated by BMP Block expiration extended with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=5,LT)
92.118.160.53 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=53,LT)
92.118.160.57 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=57,LT)
92.118.160.9 24 CR None 2021-05-11 00:00:00 2021-08-11 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt - Sourcefire (IP=9,LT)
92.118.161.13 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=13,LT)
92.118.161.21 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=21,LT)
92.118.161.25 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=25,LT)
92.118.161.29 24 BMP None 2021-05-14 00:00:00 2021-08-12 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - SourceFire (IP=29,LT)
92.118.161.33 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=33,LT)
92.118.161.37 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=37,LT)
92.118.161.41 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=41,LT)
92.118.161.5 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=5,LT)
92.118.161.53 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=53,LT)
92.118.36.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RO TO-S-2020-0331 Malware Activity
92.118.38.37 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity
92.118.38.53 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity
92.119.230.69 24 GL None 2020-10-09 00:00:00 2021-01-07 00:00:00 None HIVE Case #4099 CTO 2020-282 (IP=69,RU)
92.124.148.142 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=142,RU)
92.124.148.205 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
92.126.197.108 24 RR None 2020-06-03 00:00:00 2021-08-29 00:00:00 None HTTP: SQL Injection Attempt Detected - Web Attacks (IP=108,RU) | updated by RR Block was inactive. Reactivated on 20210531 with reason HTTP: Detect PHP-CGI Remote code Execution vulnerability - Web Attacks (IP=108,RU)
92.126.211.33 32 FT None 2020-10-04 00:00:00 2021-01-04 00:00:00 None HTTP: vBulletin Pre-Auth Remote Code Execution Vulnerability (CVE-2019-16759) - TT# 21C00025 (IP=33,RU)
92.137.213.53 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
92.139.194.232 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
92.151.66.147 32 dbc None 2020-06-04 00:00:00 2021-06-04 00:00:00 None FR TO-S-2020-0587 Malicious Email Activity
92.157.42.18 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity
92.17.111.124 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity
92.184.116.56 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
92.189.247.36 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None ES TO-S-2020-0303 Malicious Email Activity
92.19.243.177 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None GB TO-S-2020-0459 Malware Activity
92.204.137.186 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=186,US)
92.204.218.251 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
92.204.219.2 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
92.204.50.184 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None FR TO-S-2021-1007 Malware Activity
92.204.68.22 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None DE TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
92.205.11.172 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=172,FR)
92.205.15.114 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=114,FR)
92.205.4.117 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=117,FR)
92.217.190.144 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt (1:21516:9) - SourceFire (IP=144,DE)
92.222.139.190 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None FR TO-S-2021-1007 Malicious Email Activity
92.222.216.202 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity
92.222.235.185 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=185,FR)
92.222.45.214 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity
92.223.209.68 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=68,IT)
92.223.88.17 24 FT None 2021-04-24 00:00:00 2021-07-24 00:00:00 None PROTOCOL-DNS DNS query amplification attempt (1:28556:3) - Sourcefire (IP=17,LU)
92.223.89.193 32 GM None 2021-01-05 00:00:00 2021-04-05 00:00:00 None Self Report/ASPNET AJAX - TT # 21C00383 (IP=193,LU)
92.223.89.199 24 UA None 2021-09-30 00:00:00 2021-12-29 00:00:00 None Self Report/Cold Fusion Error - TT# 21C02017 (IP=199,LU)
92.226.105.220 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity
92.235.16.191 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IE TO-S-2020-0331 Malicious Web Application Activity
92.241.78.114 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GE TO-S-2020-0298 Malicious Email Activity
92.241.89.114 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
92.243.19.233 32 NAB None 2021-01-07 00:00:00 2021-11-25 00:00:00 None HIVE Case #NA FP Security (IP=233,FR) | updated by NAB Block was inactive. Reactivated on 20210525 with reason HIVE Case #NA FP Security (IP=233,FR)
92.243.28.188 24 RR None 2021-03-29 00:00:00 2021-06-28 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt -SourceFire (IP=188,FR) | updated by BMP Block expiration extended with reason SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=188,FR)
92.245.176.29 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity
92.246.128.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity
92.246.144.0 22 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IR TO-S-2020-0298 Malicious Email Activity
92.246.76.0 22 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Command and Control Exploit
92.246.84.133 32 GM None 2021-03-09 00:00:00 2021-06-07 00:00:00 None HTTP: Microsoft SharePoint XSS in Scriptresx.ashx Vulnerability - TT# 21C00654 (IP=133,DE)
92.246.84.210 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
92.247.114.98 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
92.249.44.72 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity
92.249.45.14 32 dbc None 2020-03-24 00:00:00 2021-03-24 00:00:00 None US TO-S-2020-0369 Malicious Email Activity
92.249.45.151 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
92.253.104.100 24 RR None 2021-05-12 00:00:00 2021-08-10 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt - Web Attacks (IP=100,JO)
92.255.57.161 32 BB None 2021-09-26 00:00:00 2021-12-25 00:00:00 None - TT# 21C01957 (IP=161,US)
92.26.36.110 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity
92.26.49.149 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity
92.27.28.87 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity
92.29.250.236 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity
92.30.167.175 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GB TO-S-2020-0331 Malicious Web Application Activity
92.33.207.146 24 RR None 2021-03-26 00:00:00 2021-09-14 00:00:00 None SERVER-WEBAPP Oracle Business Intelligence directory traversal attempt (1:49967:2) - SourceFire (IP=146,SW) | updated by KD Block expiration extended with reason SERVER-WEBAPP Java XML deserialization remote code execution attempt (1:44315:3)- Source fi
92.35.118.14 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None SE TO-S-2020-0535 Malware Activity
92.37.142.215 24 BMP None 2020-11-03 00:00:00 2021-02-03 00:00:00 None FTP Login Failed - 6hr Failed Logon (IP=215,RU)
92.37.216.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity
92.38.171.133 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
92.38.171.186 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None ES TO-S-2021-0876 Hive Case 4166 Malicious Email Activity
92.38.178.141 32 wmp None 2020-09-22 00:00:00 2021-11-03 00:00:00 None HIVE Case #3941 TO-S-2020-0821 COLS-NA-TIP-20-0298 (IP=141,JP) | updated by dbc Block expiration extended with reason JP Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
92.38.192.0 20 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None RU TO-S-2020-0750 Malicious Email Activity
92.39.104.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity
92.39.128.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Command and Control Exploit
92.44.4.196 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None TR TO-S-2020-0298 Malicious Email Activity
92.50.225.230 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malware Activity
92.51.72.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GE Hive Case 4187 TO-S-2021-0898 Malware Activity
92.52.254.99 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
92.54.237.196 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=196,GE)
92.54.237.74 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=74,GE)
92.57.56.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None ES TO-S-2020-0331 Malicious Web Application Activity
92.58.218.36 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=36,ES) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=36,ES)
92.60.224.0 20 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None RS TO-S-2020-0459 Malware Activity
92.61.37.0 24 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None LT Hive Case 4237 TO-S-2021-0910 Malicious Email Activity
92.61.91.138 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None CZ TO-S-2020-0303 Malicious Email Activity
92.62.69.0 24 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None KG TO-S-2020-0331 Malicious Web Application Activity
92.63.172.10 32 wmp None 2020-08-20 00:00:00 2021-10-08 00:00:00 None HIVE Case #3601 COLS-NA-TIP-20-0260 (IP=10,NL) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=10,NL)
92.63.197.59 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=59,RU)
92.63.98.30 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=30,RU)
92.65.99.218 24 BMP None 2021-02-24 00:00:00 2021-06-24 00:00:00 None CitrixNetScalerGateway - Hive Case 4971 (IP=218,NL)
92.7.247.74 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity
92.75.176.234 24 FT None 2021-03-30 00:00:00 2021-06-28 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - Web Attacks (IP=234,DE)
92.8.180.218 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity
92.84.53.184 24 Rw None 2021-05-10 00:00:00 2021-08-10 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - 6 hr failed logons (IP=184,RO)
92.87.29.204 24 FT None 2021-04-10 00:00:00 2021-07-09 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=204,RO)
9266622710.adollarchange.com --- TLM None 2021-06-15 00:00:00 2021-09-13 00:00:00 2023-01-19 22:57:32 HIVE Case #5605 TO-S-2021-1338
93.1.119.200 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None FR TO-S-2020-0493 Malware Activity
93.1.197.121 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None FR TO-S-2020-0303 Malicious Email Activity
93.103.43.92 24 KH None 2021-07-27 00:00:00 2021-10-25 00:00:00 None Nmap Scanner Traffic Detected - FE IPS (IP=92,SI)
93.104.208.65 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Email Activity
93.104.208.99 24 ZH None 2021-09-15 00:00:00 2021-12-14 00:00:00 None HTTP: Apache Struts ConversionErrorInterceptor OGNL Script - TT# 21C01857 (IP=99,DE)
93.105.178.123 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=123,PL)
93.105.72.140 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Email Activity
93.112.19.73 24 FT None 2020-12-31 00:00:00 2021-03-31 00:00:00 None SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 command injection attempt - 6hr Web attacks (IP=73,SA)
93.112.245.167 24 RR None 2021-08-20 00:00:00 2021-11-18 00:00:00 None INDICATOR-OBFUSCATION select concat statement - possible sql injection - SourceFire (IP=167,SA)
93.112.35.95 24 GM None 2021-03-11 00:00:00 2021-06-11 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - Web Attacks (IP=95,SA)
93.112.44.36 24 RR None 2021-03-29 00:00:00 2021-06-28 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=36,SA) | updated by RB Block expiration extended with reason HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr web attacks (IP=36,SA)
93.113.110.111 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity
93.113.111.100 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity
93.113.63.58 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None TR TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
93.114.86.226 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity
93.115.18.213 24 FT None 2020-08-31 00:00:00 2021-08-14 00:00:00 None HTTP: SQL Injection Exploit II - 6hr web attacks (IP=213,NL) | updated by RR Block expiration extended with reason SERVER-WEBAPP JBoss JMXInvokerServlet access attempt - SourceFire (IP=213,NL) | updated by RB Block was inactive. Reactivated on 2021051
93.115.19.164 24 KH None 2021-07-16 00:00:00 2021-10-14 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6 hr web attacks (IP=164,RO)
93.115.19.169 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=169,RO)
93.115.209.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None OM Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
93.115.28.161 24 EE None 2021-07-01 00:00:00 2021-09-29 00:00:00 None HIVE Case #5743 IOC_ Russian GRU Conducting Global Brute Force (IP=161,LT)
93.115.35.138 24 EE None 2021-02-15 00:00:00 2021-05-15 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6 HR Web Attacks (IP=138,AU)
93.115.79.25 24 GM None 2020-11-29 00:00:00 2021-03-01 00:00:00 None HTTP: SQL Injection - Exploit II - Web Attacks (IP=25,TR)
93.115.80.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None OM Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
93.123.127.91 24 WR None 2021-06-23 00:00:00 2021-09-21 00:00:00 None SERVER-WEBAPP MVPower DVR Shell arbitrary command execution attempt (1:42857:3) - Sourcefire Report (IP=91,BG)
93.124.15.87 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=87,RU)
93.124.45.179 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity
93.124.54.130 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity
93.140.22.156 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None HR TO-S-2020-0303 Malicious Email Activity
93.145.205.130 24 DT None 2021-09-06 00:00:00 2021-12-05 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - Web Attacks (IP=130,IT)
93.146.44.167 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None IT TO-S-2020-0459 Malware Activity
93.147.212.206 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IT TO-S-2021-0876 Hive Case 4166 Malware Activity
93.147.241.181 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
93.147.41.190 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity
93.147.99.158 24 ZH None 2021-07-15 00:00:00 2021-10-13 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=158,IT)
93.150.95.104 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity
93.153.250.198 24 BMP None 2021-06-02 00:00:00 2021-08-31 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr Web Attacks (IP=198,RU)
93.157.181.83 24 UA None 2021-07-21 00:00:00 2021-10-19 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logins (IP=83,KZ)
93.157.248.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU)
93.157.62.192 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=192,RU)
93.158.66.41 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=41,SE)
93.158.66.42 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=42,SE)
93.158.66.43 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=43,SE)
93.158.66.44 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=44,SE)
93.158.66.45 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=45,SE)
93.158.66.46 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=46,SE)
93.158.66.47 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=47,SE)
93.158.66.48 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=48,SE)
93.159.141.165 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=165,PL)
93.166.11.32 32 RW None 2019-10-23 00:00:00 2021-02-14 00:00:00 None Web scanning IP block - TT# 20C00567 (IP=32,US) | updated by dbc Block was inactive. Reactivated on 20200214 with reason DK TO-S-2020-0298 Malware Activity
93.169.238.153 24 CR None 2021-06-29 00:00:00 2021-09-27 00:00:00 None ESM High Attacker Suspicious Scan Activity (IP=153,SA)
93.170.152.201 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=201,UA)
93.174.95.106 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=106,GB)
93.174.95.106 24 ZH None 2021-06-01 00:00:00 2021-08-30 00:00:00 None HTTP: Microsoft Windows HTTP.sys Remote Code Execution - TT# 20C02453 (IP=106,MA) | updated by ZH Block was inactive. Reactivated on 20210601 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rep
93.174.95.106 24 KF None 2020-04-07 00:00:00 2021-08-30 00:00:00 None HTTP: Microsoft Windows HTTP.sys Remote Code Execution - TT# 20C02453 (IP=106,MA) | updated by ZH Block was inactive. Reactivated on 20210601 with reason INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rep
93.175.192.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
93.176.183.189 24 EE None 2021-04-02 00:00:00 2021-07-01 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=189,ES)
93.177.75.180 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malware Activity
93.177.75.218 24 RB None 2021-01-09 00:00:00 2021-04-09 00:00:00 None SERVER-WEBAPP JBoss JMX console access attempt - Sourcefire (IP=218,FR)
93.179.120.0 22 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Web Application Activity
93.179.127.37 24 RT None 2021-06-29 00:00:00 2021-09-27 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire Report (IP=37,CN)
93.182.72.146 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
93.184.6.22 24 WR None 2021-06-23 00:00:00 2021-09-21 00:00:00 None INDICATOR-SCAN SSH brute force login attempt (1:19559:13) - Sourcefire Report (IP=22,PS)
93.185.104.30 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=30,CZ)
93.185.208.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None UA TO-S-2020-0298 Malicious Email Activity
93.185.96.0 20 TLM None 2021-06-14 00:00:00 2021-12-14 00:00:00 None HIVE Case #5590 TO-S-2021-1276 (IP=0,CZ)
93.185.98.121 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CZ TO-S-2020-0331 Malicious Email Activity
93.186.193.139 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None DE TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity
93.186.250.99 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=99,IT)
93.189.40.0 21 dbc None 2020-10-08
00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU) 93.190.137.24 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 93.191.156.182 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=182,DK) 93.197.74.166 32 dbc None 2020-06-04 00:00:00 2021-06-04 00:00:00 None DE TO-S-2020-0587 Malicious Email Activity 93.209.34.185 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 93.222.85.68 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity 93.227.147.99 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None DE TO-S-2020-0303 Malicious Email Activity 93.238.228.216 24 SW None 2021-05-24 00:00:00 2021-08-23 00:00:00 None HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - Web Attacks (IP=216,DE) 93.254.89.3 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malicious Email Activity 93.33.209.139 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity 93.34.90.43 32 dbc None 2020-07-29 00:00:00 2021-07-29 00:00:00 None IT TO-S-2020-0698 Malware Activity 93.38.113.119 24 RR None 2021-09-22 00:00:00 2021-12-21 00:00:00 None SERVER-WEBAPP Drupal 8 remote code execution attempt - SourceFire (IP=119,IT) 93.39.235.160 24 RR None 2020-12-06 00:00:00 2021-03-06 00:00:00 None SSH User Authentication Brute Force Attempt - Failed Logons (IP=160,IT) 93.41.152.26 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity 93.41.240.77 24 DT None 2021-02-23 00:00:00 2021-05-24 00:00:00 None SERVER-WEBAPP LifeRay arbitrary Java object deserialization attempt - SourceFire (IP=77,IT) 93.43.219.6 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 
93.43.35.161 24 EE None 2021-03-15 00:00:00 2021-06-13 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - Web Attack (IP=161,IT) 93.48.137.242 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity 93.48.40.10 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity 93.51.133.3 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity 93.51.29.92 24 CR None 2019-01-01 06:00:00 2021-08-20 00:00:00 None Failed password for invalid user (IP=92,IT) | updated by RB Block was inactive. Reactivated on 20210522 with reason HTTP: WordPress Portable phpMyAdmin Plugin Authentication Bypass Vulnerability - 6hr web attacks (IP=92,IT) 93.51.50.171 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None IT TO-S-2021-0876 Hive Case 4166 Malware Activity 93.54.106.119 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=119,IT) 93.56.26.2 32 dbc None 2020-05-22 00:00:00 2021-05-27 00:00:00 None Unafilliated TO-S-2020-0559 Malicious Email Activity | updated by dbc Block expiration extended with reason Unafilliated TO-S-2020-0559.01 Malicious Email Activity 93.61.135.4 24 AR None 2021-09-08 00:00:00 2021-12-07 00:00:00 None SERVER-WEBAPP Novell GroupWise Internet Agent content-length integer overflow attempt - Web Attacks (IP=4,IT) 93.63.115.100 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None IT TO-S-2021-0941 Hive Case 4361 Malicious Web Application Activity 93.63.84.182 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None IT Hive Case 4237 TO-S-2021-0910 Malware Activity 93.66.60.179 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None IT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 93.67.216.230 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None IT TO-S-2020-0298 Malicious Email Activity 93.71.9.21 24 RW None 2020-10-20 00:00:00 2021-01-20 
00:00:00 None SERVER-WEBAPP Linksys E-series HNAP TheMoon remote code execution attempt - Sourcefire (IP=21,IT) 93.71.94.67 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None IT TO-S-2020-0303 Malicious Email Activity 93.80.55.51 24 EE None 2020-12-31 00:00:00 2021-03-31 00:00:00 None SSH User Authentication Brute Force Attempt - 6 HR Failed Logons (IP=51,RU) 93.81.149.203 24 RR None 2021-07-29 00:00:00 2021-10-27 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Failed Logons (IP=203,RU) 93.89.20.2 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None HIVE Case #3723 COLS-NA-TIP-20-0275 (IP=2,TR) 93.89.224.101 32 dbc None 2020-05-21 00:00:00 2021-05-21 00:00:00 None TR TO-S-2020-0535 Malware Activity 93.89.224.214 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None TR TO-S-2021-1007 Malicious Email Activity 93.89.224.5 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=5,TR) 93.89.66.131 24 RB None 2021-05-10 00:00:00 2021-08-08 00:00:00 None INDICATOR-SCAN SSH brute force login attempt - Sourcefire (IP=131,TR) 93.90.203.144 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity 93.90.203.233 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity 93.90.203.238 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity 93.90.203.41 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None DE TO-S-2020-0298 Malware Activity 93.92.216.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 93.94.152.0 21 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,RU) 93.95.136.0 21 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,RU) 93.96.105.43 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity 93.99.104.103 32 dbc 
None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CZ TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 93.99.104.106 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CZ TO-S-2021-1007 Malware Activity 93.99.104.127 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CZ Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 93.99.104.127 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None CZ Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 93.99.104.137 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CZ TO-S-2021-1007 Malware Activity 93.99.104.168 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CZ TO-S-2021-1007 Malware Activity 93.99.104.175 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CZ TO-S-2021-1007 Malware Activity 93.99.104.176 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CZ TO-S-2021-1007 Malware Activity 93.99.104.179 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CZ TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 93.99.104.18 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CZ TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 93.99.104.180 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CZ TO-S-2021-1007 Malicious Web Application Activity 93.99.104.208 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CZ TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 93.99.104.218 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None CZ TO-S-2021-0876 Hive Case 4166 Malicious Web Application Activity 93.99.49.50 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CZ TO-S-2020-0331 Malicious Web Application Activity 94.100.0.0 20 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None LV TO-S-2021-1007 Malware Activity 94.100.28.214 24 EE None 2021-08-18 00:00:00 2021-11-15 00:00:00 None HIVE Case #5918 IOC_LOKIBOT (IP=214,NL) 94.100.32.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None IT 
TO-S-2020-0331 Malicious Web Application Activity 94.102.210.58 32 dbc None 2020-09-01 00:00:00 2021-09-01 00:00:00 None JP HIVE Case #3744 TO-S-2020-0772 Malicious Email Activity 94.102.220.23 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 94.102.224.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None ME Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.102.49.193 24 ZH None 2021-06-18 00:00:00 2021-09-16 00:00:00 None INDICATOR-SCAN DNS version.bind string information disclosure attempt (1:42785:4) - Sourcefire Rpt (IP=193,UK) 94.102.50.145 32 NAB None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4238 COLS-NA-TIP-20-0344 (IP=145,NL) 94.102.51.38 32 NAB None 2021-07-02 00:00:00 2021-09-30 00:00:00 None HIVE Case #NA FP Security (IP=38,NL) 94.103.82.249 24 EBT None 2020-04-21 00:00:00 2021-04-21 00:00:00 None HIVE Case# 2609 COVID-19_IOCs (IP=249,NL) 94.110.36.63 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.112.188.50 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None CZ TO-S-2021-1007 Malware Activity 94.120.173.110 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=110,TR) 94.122.221.92 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None US TO-S-2020-0303 Malicious Email Activity 94.124.155.186 24 GM None 2021-02-14 00:00:00 2021-05-14 00:00:00 None OS-OTHER Bash CGI environment variable injection attempt - Web Attacks (IP=186,FR) 94.124.239.55 24 SW None 2021-08-01 00:00:00 2021-10-30 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt (1:45749:2) - SourceFire (IP=55, FR) 94.124.93.172 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None NL TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 94.126.169.101 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None PT TO-S-2020-0236 Malicious Email Activity 
94.126.169.122 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None PT TO-S-2020-0750 Malicious Email Activity 94.126.169.141 32 dbc None 2020-06-08 00:00:00 2021-06-08 00:00:00 None Unafiliated TO-S-2020-0592 Malicious Email Activity 94.126.169.39 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PT Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 94.126.40.154 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None GB TO-S-2020-0236 Malicious Email Activity 94.129.73.177 24 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=177,KW) 94.13.73.41 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None GB TO-S-2020-0493 Malware Activity 94.130.224.254 32 NAB None 2021-03-26 00:00:00 2021-06-24 00:00:00 None HIVE Case #5136 TO-S-21-1197 TO-S-21-1197.01 (IP=254,DE) 94.130.246.164 32 dbc None 2020-02-24 00:00:00 2021-02-24 00:00:00 None DE TO-S-2020-0315 Malicious Email Activity 94.130.71.197 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 94.134.125.28 24 BMP None 2021-08-13 00:00:00 2021-11-11 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=28,DE) 94.136.149.188 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None SK TO-S-2020-0331 Malicious Web Application Activity 94.136.69.199 32 srm None 2021-04-17 00:00:00 2021-07-14 00:00:00 None Firepower Suspicious Scan Activity (IP=199,SE) 94.136.69.228 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=228,SE) 94.138.130.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.138.132.0 24 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=0,RU) 94.138.202.230 32 wmp None 2020-09-16 00:00:00 2021-10-21 00:00:00 None HIVE Case #3909 COLS-NA-TIP-20-0296 (IP=230,TR) | updated by dbc Block expiration extended 
with reason TR TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 94.138.202.232 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None TR Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 94.138.203.100 32 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=100,TR) 94.138.203.170 32 wmp None 2020-08-26 00:00:00 2021-10-21 00:00:00 None HIVE Case #3650 COLS-NA-TIP-20-0271 (IP=170,TR) | updated by dbc Block expiration extended with reason TR TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 94.138.217.202 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None TR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 94.138.218.118 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None TR TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 94.139.73.174 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None NO TO-S-2020-0493 Malware Activity 94.140.112.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None LV TO-S-2020-0331 Malware Activity 94.141.152.250 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PL TO-S-2020-0298 Malicious Email Activity 94.141.241.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KZ Hive Case 4187 TO-S-2021-0898 Malware Activity 94.141.64.0 19 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5637 TO-S-2021-1321 (IP=0,UZ) 94.142.13.0 21 jkc None 2021-04-21 00:00:00 2021-10-21 00:00:00 None Case # 5273 IOC_TO-S-2021-1233 Malicious callback IP 94.154.129.167 24 RB None 2021-04-01 00:00:00 2021-06-30 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=167,SC) 94.154.17.170 32 srm None 2021-01-29 00:00:00 2021-04-29 00:00:00 None Firepower Suspicious Scan Activity (IP=170,PL) 94.154.26.126 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None PL Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.154.80.0 21 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malicious 
Reconnaissance Activity 94.158.144.0 20 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None GB TO-S-2020-0303 Malicious Email Activity 94.158.22.179 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None FR Hive Case 4237 TO-S-2021-0910 Malware Activity 94.158.244.43 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 94.158.32.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None UA TO-S-2020-0331 Malware Activity 94.16.117.236 24 GED None 2020-12-07 00:00:00 2021-03-07 00:00:00 None HIVE Case #NA FP CIO Policy (IP=236,DE) 94.173.185.223 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None GB TO-S-2020-0298 Malicious Email Activity 94.177.184.106 24 RB None 2021-05-14 00:00:00 2021-08-12 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - 6hr web attacks (IP=106,IT) 94.177.245.174 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None DE Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.177.32.0 20 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RO TO-S-2020-0298 Malicious Email Activity 94.177.48.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RO TO-S-2020-0331 Malicious Web Application Activity 94.177.80.0 21 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RO TO-S-2020-0331 Malicious Web Application Activity 94.187.1.63 24 BMP None 2020-12-06 00:00:00 2021-03-06 00:00:00 None SERVER-WEBAPP HTTP SQL Injection Attempt - 6hr Web Attacks (IP=63,LB) 94.187.3.205 24 RW None 2021-07-23 00:00:00 2021-10-21 00:00:00 None Adobe ColdFusion Administrator Access Restriction - Web Attacks (IP=205,LB) 94.189.142.87 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RS TO-S-2020-0331 Malicious Web Application Activity 94.190.180.196 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None BG Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.191.10.49 24 EE None 2021-03-27 00:00:00 2021-06-25 00:00:00 None 
HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks (IP=49,CN) 94.191.137.83 24 RB None 2021-05-16 00:00:00 2021-08-14 00:00:00 None SQL injection - 6hr web attacks (IP=83,SE) 94.191.152.8 24 RR None 2021-03-26 00:00:00 2021-06-24 00:00:00 None SQL use of sleep function in HTTP header - likely SQL injection attempt (1:38993:9) - SourceFire (IP=8,SW) 94.191.153.37 24 BMP None 2021-03-27 00:00:00 2021-06-25 00:00:00 None HTTP: Blind SQL Injection - Timing - 6hr Web Attacks (IP=37,SE) 94.191.154.42 24 KH None 2021-07-09 00:00:00 2021-10-07 00:00:00 None High Attacker Suspicious Scan Activity - ArcSight ESM (IP=42,SE) 94.191.64.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None CN TO-S-2020-0331 Malicious Web Application Activity 94.191.80.0 20 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,CN) 94.191.81.150 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None CN TO-S-2020-0298 Malicious Email Activity 94.198.232.0 21 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity 94.198.243.109 24 RW None 2021-03-10 00:00:00 2021-06-10 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - 6hr web attacks (IP=109,RU) 94.199.178.186 32 dbc None 2020-09-29 00:00:00 2021-09-29 00:00:00 None HU TO-S-2020-0838 Malicious Email Activity 94.2.140.175 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.2.247.247 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.2.33.60 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None GB TO-S-2020-0331 Malicious Web Application Activity 94.20.64.0 24 dbc None 2020-10-08 00:00:00 2021-10-08 00:00:00 None HIVE Case #4064 TO-S-2020-0859 (IP=0,AZ) 94.208.19.77 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 94.210.192.117 32 dbc None 2020-04-23 00:00:00 
2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 94.212.128.86 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 94.212.229.94 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 94.212.229.94 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None NL TO-S-2020-0459 Malware Activity 94.212.72.210 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None NL TO-S-2020-0298 Malicious Email Activity 94.228.207.1 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious callback IP (ip=1,RU) 94.229.173.106 32 wmp None 2020-07-30 00:00:00 2021-09-23 00:00:00 None HIVE Case #3433 COLS-NA-TIP-20-0238 (IP=106,GB) | updated by dbc Block expiration extended with reason GB TO-S-2020-0826 Hive Case 3950 Malicious Email Activity 94.229.173.107 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None GB Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 94.229.72.117 32 GL None 2020-10-30 00:00:00 2021-01-28 00:00:00 None HIVE Case #4236 COLSNATIP200339 (IP=117,GB) 94.229.72.118 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None GB TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 94.229.72.121 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None GB TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 94.229.72.121 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None GB TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 94.229.72.121 32 jkc None 2020-12-11 00:00:00 2021-12-11 00:00:00 None GB TO-S-2021-0989 Hive Case # 4493 Malicious Email Activity 94.229.72.122 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 94.23.0.54 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None FR TO-S-2020-0228 Malicious Web Application Activity 94.23.1.135 24 FT None 2021-04-20 00:00:00 2021-07-19 00:00:00 None HTTP: ThinkPHP CMS Getshell Vulnerability - Web Attacks 
(IP=135,FR) 94.23.110.137 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=137,FR) 94.23.110.137 32 TLM None 2021-06-16 00:00:00 2021-12-16 00:00:00 None HIVE Case #5629 TO-S-2021-1303 (IP=137,FR) 94.23.12.33 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.23.13.194 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FR Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.23.145.156 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None NL TO-S-2020-0331 Malicious Web Application Activity 94.23.146.204 32 NAB None 2021-04-05 00:00:00 2021-07-04 00:00:00 None HIVE Case #5201 TO-S-21-1209 (IP=204,NL) 94.23.162.163 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 94.23.162.163 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None DE Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 94.23.193.215 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malicious Web Application Activity 94.23.196.177 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None FR TO-S-2020-0298 Malicious Email Activity 94.23.196.95 24 BMP None 2021-04-17 00:00:00 2021-07-17 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=95,FR) 94.23.199.162 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 94.23.205.115 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 94.23.205.115 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 94.23.208.174 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None FR TO-S-2020-0331 Malware Activity 94.23.5.152 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None FR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 94.23.5.152 32 dbc None 2020-11-03 
00:00:00 2021-11-03 00:00:00 None FR Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 94.23.61.181 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None FR Hive Case 4237 TO-S-2021-0910 Malware Activity 94.23.65.134 24 RW None 2021-04-18 00:00:00 2021-07-18 00:00:00 None SERVER-WEBAPP Liferay arbitrary Java object deserialization attempt - Sourcefire (IP=134,IT) 94.23.95.8 32 TLM None 2021-07-29 00:00:00 2021-10-27 00:00:00 None HIVE Case #5884 TO-S-2021-1435 (IP=8,PL) 94.230.192.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.232.153.171 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PL TO-S-2020-0298 Malicious Email Activity 94.232.38.249 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PL TO-S-2020-0298 Malicious Email Activity 94.232.42.169 32 wmp None 2021-06-02 00:00:00 2021-09-02 00:00:00 None ArcSight ESM High Attacker Suspicious Scan Activity (IP=169,RU) 94.232.47.160 24 BMP None 2021-01-25 00:00:00 2021-04-25 00:00:00 None RDP - HANDSHAKE [Tunneled MSTS] - FireEye IPS (IP=160,RU) 94.234.44.39 24 RT None 2021-07-09 00:00:00 2021-10-07 00:00:00 None SQL injection - 6 HR WebAttack (IP=39,SE) 94.237.64.0 20 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None FI Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 94.237.80.63 24 EE None 2021-01-13 00:00:00 2021-04-13 00:00:00 None SERVER-WEBAPP F5 BIG-IP Traffic Management User Interface remote code execution attempt (1:54484:2) - SOURCEFIRE (IP=63,DE) 94.237.90.171 32 dbc None 2020-01-08 00:00:00 2021-01-08 00:00:00 None DE TO-S-2020-0236 Malicious Email Activity 94.239.81.158 32 dbc None 2020-04-23 00:00:00 2021-04-23 00:00:00 None FR TO-S-2020-0459 Malware Activity 94.242.150.23 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Command and Control Exploit 94.242.62.112 32 jkc None 2020-06-26 00:00:00 2021-06-26 00:00:00 None Case # 3146 - IOC_ CTO 20-172 malicious 
callback IP (ip=112,RU) 94.243.10.83 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None RU TO-S-2020-0298 Malicious Email Activity 94.244.113.217 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None LT TO-S-2020-0298 Malicious Email Activity 94.244.140.95 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.244.150.14 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None UA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.244.65.45 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None LT Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.245.176.0 20 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None RU TO-S-2020-0331 Malicious Web Application Activity 94.245.60.230 24 RW None 2020-10-17 00:00:00 2021-01-17 00:00:00 None Authentication Failed - 6hr Failed Logon (IP=230,SE) 94.249.236.188 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None DE TO-S-2020-0331 Malware Activity 94.249.28.73 32 srm None 2021-05-11 00:00:00 2021-08-09 00:00:00 None Firepower Suspicious Scan Activity (IP=73,JO) 94.29.124.175 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity 94.29.124.175 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None RU Hive Case 4237 TO-S-2021-0910 Malware Activity 94.29.126.157 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None RU Hive Case 4187 TO-S-2021-0898 Malware Activity 94.3.113.51 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None GB Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 94.40.28.109 32 dbc None 2020-02-20 00:00:00 2021-02-20 00:00:00 None PL TO-S-2020-0303 Malicious Email Activity 94.42.176.125 32 dbc None 2020-02-14 00:00:00 2021-02-14 00:00:00 None PL TO-S-2020-0298 Malicious Email Activity 94.43.10.212 32 srm None 2021-02-05 00:00:00 2021-05-06 00:00:00 None Firepower Suspicious Scan Activity (IP=212,GE) 94.43.101.202 32 srm 
00:00:00 None HIVE Case #NA AC hunter Excessive TCP attacks (IP=88,US) 97.98.102.104 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=104,US) 9718596570.budgethomeimprovementtips.com --- TLM None 2021-06-15 00:00:00 2021-09-13 00:00:00 2023-01-19 22:57:26 HIVE Case #5605 TO-S-2021-1338 9759463140.adollarchange.com --- TLM None 2021-06-15 00:00:00 2021-09-13 00:00:00 2023-01-19 22:57:33 HIVE Case #5605 TO-S-2021-1338 98.0.233.62 32 UA None 2021-08-09 00:00:00 2021-11-07 00:00:00 None SERVER-WEBAPP PHPUnit PHP remote code execution attempt - 6hr Web Attacks (IP=62,US) 98.100.31.242 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=242,US) 98.109.204.230 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malware Activity 98.124.161.29 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=29,US) 98.124.204.16 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None US Hive Case 4187 TO-S-2021-0898 Malicious Email Activity 98.128.176.49 32 dbc None 2020-03-04 00:00:00 2021-03-04 00:00:00 None SE TO-S-2020-0331 Malicious Web Application Activity 98.129.229.50 32 dbc None 2020-11-19 00:00:00 2021-11-19 00:00:00 None US TO-S-2021-0941 Hive Case 4361 Malicious Email Activity 98.142.102.130 32 dbc None 2020-11-03 00:00:00 2021-11-03 00:00:00 None US Hive Case 4237 TO-S-2021-0910 Malicious Email Activity 98.142.105.106 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None HIVE Case #5320 TO-S-21-1247 (IP=106,US) 98.142.221.42 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 98.142.221.58 32 dbc None 2020-10-21 00:00:00 2021-10-21 00:00:00 None US TO-S-2021-0876 Hive Case 4166 Malicious Email Activity 98.142.235.170 32 kmw None 2020-01-02 00:00:00 2021-01-02 00:00:00 None US TO-S-2020-0228 Malicious Email Activity 98.142.96.74 32 NAB None 2021-04-30 00:00:00 2021-10-30 00:00:00 None 
HIVE Case #5320 TO-S-21-1247 (IP=74,US) 98.143.104.196 32 dbc None 2020-08-24 00:00:00 2021-08-24 00:00:00 None CA TO-S-2020-0750 Malicious Service Distruption Activity 98.143.145.172 32 dbc None 2020-12-18 00:00:00 2021-12-18 00:00:00 None US TO-S-2021-1007 Malicious Email Activity 98.143.180.34 32 dbc None 2020-05-07 00:00:00 2021-05-07 00:00:00 None US TO-S-2020-0493 Malware Activity 98.151.14.240 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=240,US) 98.155.17.66 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=66,US) 98.173.234.193 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=193,US) 98.174.175.233 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=233,US) 98.174.201.9 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=9,US) 98.175.54.235 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=235,US) 98.176.196.89 32 EE None 2021-07-14 00:00:00 2021-10-12 00:00:00 None HIVE Case #5791 IOC_SolarWinds-Serv-U (IP=89,US) 98.178.234.24 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=24,US) 98.191.52.114 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=114,US) 98.210.61.49 32 BMP None 2020-12-31 00:00:00 2021-03-31 00:00:00 None SSH User Authentication Brute Force Attempt - 6hr Failed Logons (IP=49,US) 98.221.64.50 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=50,US) 98.225.115.5 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=5,US) 98.240.48.26 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=26,US) 98.247.136.198 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=198,US) 99.108.36.224 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=224,US) 99.159.64.150 32 RR None 
2019-10-25 00:00:00 2021-08-25 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=150,US) | updated by RT Block was inactive. Reactivated on 20210525 with reason FTP Login Failed - 6hr Failed Logons FTP Login Failed - 6hr Failed Logons | updated by RT Block expiration extended 99.159.64.150 32 RT None 2021-05-25 00:00:00 2021-08-25 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=150,US) | updated by RT Block was inactive. Reactivated on 20210525 with reason FTP Login Failed - 6hr Failed Logons FTP Login Failed - 6hr Failed Logons | updated by RT Block expiration extended 99.159.64.150 32 RT None 2021-05-26 00:00:00 2021-08-25 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=150,US) | updated by RT Block was inactive. Reactivated on 20210525 with reason FTP Login Failed - 6hr Failed Logons FTP Login Failed - 6hr Failed Logons | updated by RT Block expiration extended 99.159.64.150 32 RT None 2021-05-26 00:00:00 2021-08-25 00:00:00 None APP-DETECT failed FTP login attempt - Failed Logons (IP=150,US) | updated by RT Block was inactive. 
Reactivated on 20210525 with reason FTP Login Failed - 6hr Failed Logons FTP Login Failed - 6hr Failed Logons | updated by RT Block expiration extended 99.192.140.125 32 GED None 2020-12-04 00:00:00 2021-03-04 00:00:00 None HIVE Case #NA FP CIO Policy (IP=125,US) 99.197.168.26 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=26,US) 99.231.115.179 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 99.252.112.99 32 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None CA Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity 99.65.106.41 32 GLM None 2021-04-03 00:00:00 2021-07-02 00:00:00 None Web (HTTP) Attacks (IP=41,US) 99.84.245.92 32 JKC None 2021-06-08 00:00:00 2021-06-08 00:00:00 None Malicious IP Hive Case 2977 TIPPER 20-0172 (ip=92, US) 99.90.7.171 32 JKC None 2021-09-22 00:00:00 2021-12-21 00:00:00 None HIVE Case #NA AC hunter Excessive TCP attacks (IP=171,US)
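The rows above are a flat export of a perimeter block table, and a practitioner who inherits such an export usually wants two things from it: a lookup that tells whether a given address is still covered by an active block, and a list of entries that have lapsed. The Python below, added here as an example and not part of the original export or of whatever tooling produced it, parses rows in this layout into records and answers both questions. The column meaning is inferred from the rows and is an assumption: target (address or domain), prefix length (or --- for a domain), analyst initials, an always-None column, block start, block expiry, removal timestamp or None, then a free-text reason in which "| updated by ..." segments are audit notes. The prefix column matters: 96.9.86.0 with prefix 24 is a whole /24, not one host, so the example builds real networks rather than comparing strings. The sample rows are copied from the page.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# Sample rows copied from the export above, one record per line (constructed
# test input for this example; column semantics are an assumption).
SAMPLE_EXPORT = """\
96.9.86.0 24 dbc None 2020-10-29 00:00:00 2021-10-29 00:00:00 None KH Hive Case 4187 TO-S-2021-0898 Malicious Reconnaissance Activity
97.74.236.78 32 FT None 2020-08-06 00:00:00 2021-10-08 00:00:00 None SQL 1 = 1 - possible sql injection attempt - Web Attacks (IP=78,US) | updated by dbc Block expiration extended with reason HIVE Case #4064 TO-S-2020-0859 (IP=78,US)
9759463140.adollarchange.com --- TLM None 2021-06-15 00:00:00 2021-09-13 00:00:00 2023-01-19 22:57:33 HIVE Case #5605 TO-S-2021-1338
97.107.136.50 32 BMP None 2021-03-23 00:00:00 2021-06-21 00:00:00 None HTTP: PHPUnit Remote Code Execution Vulnerability (CVE-2017-9841) - 6hr Web Attacks (IP=50,US)
"""

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
TS_FMT = "%Y-%m-%d %H:%M:%S"
# target, prefix-or-"---", analyst, literal None, start, expiry, deleted-or-None, reason
RECORD_RE = re.compile(
    rf"^(?P<target>\S+)\s+(?P<prefix>\d{{1,2}}|---)\s+(?P<analyst>\S+)\s+None\s+"
    rf"(?P<start>{TS})\s+(?P<expiry>{TS})\s+(?P<deleted>None|{TS})\s+(?P<reason>.*)$"
)
# Trailing "(IP=50,US)" / "(ip=92, US)" tag carries the source country.
COUNTRY_RE = re.compile(r"\(ip=\d+,\s*([A-Za-z]{2})\)", re.IGNORECASE)


@dataclass
class BlockEntry:
    target: str
    network: Optional[ipaddress.IPv4Network]  # None for domain entries
    analyst: str
    start: datetime
    expiry: datetime
    deleted: Optional[datetime]
    reason: str
    audit: List[str] = field(default_factory=list)
    country: Optional[str] = None

    def active_on(self, when: datetime) -> bool:
        """A block is live inside [start, expiry) unless it was removed earlier."""
        if self.deleted is not None and when >= self.deleted:
            return False
        return self.start <= when < self.expiry


def parse_record(line: str) -> BlockEntry:
    m = RECORD_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable record: {line!r}")
    network = None
    if m["prefix"] != "---":
        # strict=False keeps host bits (e.g. a .37 address with prefix 24) and
        # stores the covering block, which is what the export means.
        network = ipaddress.ip_network(f"{m['target']}/{m['prefix']}", strict=False)
    # Free text after the timestamps: first segment is the reason, later
    # "| updated by ..." segments are audit notes appended on later edits.
    segments = [s.strip() for s in m["reason"].split(" | ")]
    country = COUNTRY_RE.search(segments[0])
    return BlockEntry(
        target=m["target"],
        network=network,
        analyst=m["analyst"],
        start=datetime.strptime(m["start"], TS_FMT),
        expiry=datetime.strptime(m["expiry"], TS_FMT),
        deleted=None if m["deleted"] == "None" else datetime.strptime(m["deleted"], TS_FMT),
        reason=segments[0],
        audit=segments[1:],
        country=country.group(1).upper() if country else None,
    )


def parse_export(text: str) -> List[BlockEntry]:
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def matching_entries(entries: List[BlockEntry], ip: str, when: datetime) -> List[BlockEntry]:
    """Entries whose network covers `ip` and that are active at `when`."""
    addr = ipaddress.ip_address(ip)
    return [e for e in entries if e.network is not None and addr in e.network and e.active_on(when)]


def stale_entries(entries: List[BlockEntry], when: datetime) -> List[BlockEntry]:
    """Entries that are expired or removed as of `when` and can be pruned."""
    return [e for e in entries if not e.active_on(when)]


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    for e in matching_entries(rows, "96.9.86.77", datetime(2021, 1, 15)):
        print("blocked by", e.network, "until", e.expiry, "-", e.reason)
    for e in stale_entries(rows, datetime(2021, 7, 1)):
        print("stale:", e.target, "expired", e.expiry)
```

Checking a host like 96.9.86.77 against the table finds the 96.9.86.0/24 entry even though that address never appears in the export, which is exactly the lookup a string match on the target column would miss; the same entry stops matching once the expiry passes, and the domain rows carry a removal timestamp in the otherwise-None column that the parser honours before the expiry date.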